The BBC has launched an investigation following a data breach that exposed the personal details of more than 25,000 current and former employees.
The corporation’s pension scheme informed its members their details had been stolen in a data security incident.
It said it was taking the breach “extremely seriously.”
A spokesperson for the pension scheme confirmed that the breach affected approximately 25,290 individuals.
The BBC clarified there is no evidence suggesting the incident was a ransomware attack.
This is a common method used by organised cybercrime groups to steal large amounts of personal data.
The BBC operates one of the largest occupational pension schemes in the UK, with over 50,000 members.
The breach involved private records being “copied from an online data storage service.”
It exposed names, dates of birth, sexes, home addresses, national insurance numbers, and membership indications of the BBC pension scheme.
Fortunately, no bank details, financial information, telephone numbers, email addresses, usernames, passwords, or sensitive health information were compromised.
The incident has been reported to the UK’s privacy regulator, the Information Commissioner’s Office (ICO), and the Pensions Regulator.
Catherine Claydon, chair of the BBC Pension Trust, reassured members in an email.
She said: “We take this incident extremely seriously and we want to reassure you that we and the BBC have taken immediate steps to assess and contain the incident.
“Please be reassured that we have responded quickly and that the source of the incident has been secured.”
No bank details, financial information, telephone numbers, email addresses, usernames, passwords, or sensitive health information were compromised
The BBC is working with specialist teams internally and externally to understand how the breach occurred.
Need Career Advice? Get employment skills advice at all levels of your career
As a precaution, additional security measures have been implemented, and the situation continues to be monitored.
The BBC has advised affected members to remain vigilant for any unusual activity.
In a statement, a pension scheme spokesperson apologized to members and emphasized the source of the incident had been secured.
This is the second known data breach suffered by the BBC in under a year.
Last June, the corporation was among several companies, including British Airways, Boots, and Aer Lingus, affected by a mass hack.
It was believed to have have been carried out by a Russian-speaking organized cybercrime group.
A spokesperson for the ICO said: “BBC Pension Trust has made us aware of an incident, and we are assessing the information provided.”