BlogNews30TH MAY 2024
AuthorSamir Yawar
6 min read
News

BBC and Cooler Master fall victim to data breach

Twitter
Facebook
WhatsApp
Email
LinkedIn
Cybersecurity news roundup for 31 May 2024

Welcome to our cybersecurity news roundup, where the newest exploits and attacks are highlighted regularly This week the BBC and Cool Master suffered data breaches that affected thousands of registered users. 

We report the details regarding the BBD and Cooler Master data breaches, and how they've impacted potential victims.

Cybersecurity News Roundup for 31 May 2024

Here’s what went down this week:

BBC Data Security Incident Targets Pension Scheme Members

The BBC has announced a significant data security incident that occurred on May 21, involving unauthorized access to files stored on a cloud-based service. This breach has compromised the personal information of members of the BBC Pension Scheme.

BBC was targeted by a data breach
The latest victim of a data breach | Source: BBC

Reports indicate that the incident has impacted approximately 25,000 individuals, including both current and former employees of the UK's national public service broadcaster.

The compromised data includes:

  • Full names

  • National Insurance numbers

  • Dates of birth

  • Gender

  • Home addresses

According to the announcement on the BBC Pension Scheme website, the breach did not expose telephone numbers, email addresses, bank details, financial information, or 'myPension Online' usernames and passwords.

The BBC assures that the operation of the pension scheme portal remains unaffected and is safe for continued use.

Impacted individuals will receive notifications via email from "[email protected]" or through postal mail if no email address is available. Those not receiving a notification should consider themselves unaffected by the incident.

The BBC has reported the incident to the UK's Information Commissioner's Office (ICO) and the Pensions Regulator.

The BBC has apologized to its former and current staff for the breach and stated that there is no evidence the compromised data has been misused. However, they advise pension members to stay vigilant.

"Analysis undertaken by our specialist teams currently shows no evidence that the affected files have been misused, and this continues to be monitored," reads the announcement.

"While there is no specific action affected members need to take, it is always important to be alert to data and cyber security."

"We encourage members to be cautious of any unsolicited and unexpected communications that ask for your personal information or ask you to take unexpected steps."

Additionally, the BBC has published a FAQ page about the security incident, offering guidance on enabling two-factor authentication and activating a 24-month credit and web monitoring service provided by Experian.the theft of customer data by a threat actor.

Cooler Master Confirms Data Breach Exposing Customer Information

Computer hardware manufacturer Cooler Master has confirmed a data breach that occurred on May 19.

PC accessories maker Cooler Master logo
Cooler Master suffers leak of confidential customer information | Source: CyberDaily

Cooler Master, renowned for its cooling devices, computer cases, power supplies, and other peripherals, disclosed the breach after reports surfaced about the incident.

A threat actor known as 'Ghostr' claimed responsibility for hacking the company's Fanzone website on May 18 and downloading its linked databases. The Fanzone site is used by customers to register product warranties, request RMAs, or open support tickets, necessitating the submission of personal data, including names, email addresses, phone numbers, birth dates, and physical addresses.

Ghostr reported downloading 103 GB of data during the Fanzone breach, affecting over 500,000 customers. Data samples shared by the threat actor were verified by BleepingComputer, confirming the accuracy of the information with numerous affected customers who had recently sought support or RMAs from Cooler Master. The samples also included product information, employee details, and email communications with vendors. Although the threat actor claimed to possess partial credit card information, BleepingComputer did not find such data in the samples.

Upon contact, Cooler Master confirmed the breach and outlined steps being taken to address the issue.

"We can confirm on May 19, Cooler Master experienced a data breach involving unauthorized access to customer data. We immediately alerted the authorities, who are actively investigating the breach. Additionally, we have engaged top security experts to address the breach and implement new measures to prevent future incidents. These experts have successfully secured our systems and enhanced our overall security protocols. We are in the process of notifying affected customers directly and advising them on next steps. We are committed to providing timely updates and support to our customers throughout this process," Cooler Master stated.

The threat actor has indicated intentions to sell the leaked data on hacking forums but has not disclosed a price.

Given the potential scale of the breach, with information on 500,000 Cooler Master customers possibly at risk, those who have registered accounts on the Fanzone site should be vigilant against targeted phishing emails and other social engineering attacks aimed at further personal information theft.

Previous Coverage

Want to catch up on the latest security news? Check out:


Samir Yawar
Samir Yawar / Content Lead
Samir wants a world where people can instinctively whack online scams and feel accomplished without the need for psychic powers. As an ISC2 member, he is doing his bit to turn cybersecurity awareness training into a fun concept with simple, approachable and accessible content. Reach out to him at X @yawarsamir
FAQsFrequently Asked Questions
Information at risk in a data breach can include personal details (names, addresses, social security numbers), financial information (credit card numbers, bank account details), login credentials, medical records, and other sensitive data. The severity of the breach depends on the type and amount of information compromised.