Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Daily Mirror
Daily Mirror
National
Susie Beever

'Horrified' ex-BBC worker says bosses 'never apologised' when data stolen in cyber attack

An ex-BBC employee whose personal data was stolen by cyber attackers says staff haven't received an apology - but were offered a security software subscription instead.

The former staffer is one of thousands across eight major companies and organisations hit by the data breach last month, which is suspected to have been the work of Russian cyber hacking group 'Clop'.

He told the Mirror his address and National Insurance number were just some of his details taken in the attack.

The hack occurred when Zellis, a payroll platform, was transferring files using a third-party web transfer tool with a security weakness, which was then exploited by cyber ghouls.

British Airways and Boots were also among the huge companies to confirm they were hit by the breach, although the remaining five hit have not come forward.

Data held by Zellis - a payroll platform used by some of the UK's biggest companies - was compromised (Zellis)

The BBC meanwhile has reiterated that no bank details were taken in the attack, with a police investigation ongoing.

"The BBC sent this email almost as if it was something trivial," said the Wales-based ex-employee, who worked for the company on and off on a freelance basis between 2012 and 2017.

The email in question, seen by the Mirror, provides no apology to staff but urges those affected to use identity monitoring software from Experian, offering 12 months' free access.

Data taken includes names of current and former staff, their addresses, dates of birth, National Insurance numbers, email addresses and dates worked for the BBC.

It's not known the exact number of BBC staff affected, although the organisation currently employs around 21,000 people.

"I was horrified," the former staff member said. "These are big companies [affected by the breach] and they owe more to their past and present staff.

"Surely every employer has that basic responsibility when it comes to protecting people's data? They haven't even apologised, it's just shocking that you can be exposed like that and it can be downplayed in the manner they have."

An email sent to BBC staff on June 8 by the organisation's payroll department said: "On Friday 2 June, the BBC were informed by our supplier IBM that their contractor, Zellis, has been affected by a vulnerability in the third-party software it uses (MOVEit Transfer, provided by Progress Software).

"This led to a data breach affecting several organisations, including the BBC. The breach has been reported to the Information Commissioners Office and appears to be a significant global vulnerability.

"Zellis manage the payroll process for the BBC and therefore hold personal data about BBC workers, who have been engaged, or are currently engaged by the BBC."

It adds: "While other organisations that have also been affected by the data breach have reported disclosure of personal financial details, Zellis has confirmed that they have no evidence that your personal financial data (pay and bank account details) has been disclosed as part of the data breach. Zellis has provided written assurances of this to the BBC."

Russian hacking group Clop meanwhile has been suspected to have been involved in last month's attack, posting company profiles of various victims worldwide since June 14 to pressure the companies into paying ransoms.

None of the UK companies affected so far have been listed on the dark web, the BBC reports, while the group has also denied holding the data.

The former staff member added: "What this was about for me was the email. It lacked sincerity and a little bit of humanity, downplaying the seriousness of it all."

A BBC spokesperson said: “We’re taking this incident extremely seriously and we are working with our specialist teams and external experts.”

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.