BBC radio staff and freelancers alerted over personal data breach

BBC staff and freelancers past and present have received alerts about having their personal data breached.

Anyone who worked in radio recently, including some who have not worked for the corporation for over five years, are also affected.

On Friday, the BBC was informed by its supplier IBM that contractor, Zellis, has been affected by a vulnerability in the third-party software it uses (MOVEit Transfer, provided by Progress Software).

This led to a data breach affecting several organisations, including the BBC. The breach has been reported to the Information Commissioners Office and appears to be a significant global vulnerability.

Zellis manage the payroll process for the BBC and therefore hold personal data about BBC workers, who have been engaged, or are currently engaged by the BBC.

Anyone who has worked for the BBC in a staff or freelance position over the last few years had their personal details in the file, including name, date of birth, national insurance number and home address.

In an email, the BBC Payroll Services said: “While other organisations that have also been affected by the data breach have reported disclosure of personal financial details, Zellis has confirmed that they have no evidence that personal financial data (pay and bank account details) has been disclosed as part of the data breach. Zellis has provided written assurances of this to the BBC.”

As a result, the BBC is offering 12 months of free identity monitoring services known as Identity Plus, provided by Credit Reference agency Experian.

A BBC spokesperson told RadioToday: “Current staff and some former staff have been affected and we are contacting all those who have been impacted directly.

“We’re taking this incident extremely seriously. We’re working closely with the third party supplier subject to the breach and we continue to work with experts in this area.”

More details are available on a special website set up by the BBC here.