In June 2023, the BBC revealed that a cyber-attack had exposed the personal details of employees and contractors paid via PAYE. The data was leaked through a payroll provider used by the BBC, and the fallout was serious.
If your details were exposed, you could be entitled to compensation. Here’s what you need to know.
How the BBC employee data breach happened
The attack stemmed from a vulnerability in MOVEit – a file transfer tool used by Zellis, the payroll support company working with the BBC via IBM. MOVEit is used by businesses around the world to share data securely. But in this case, it was anything but secure.
Hackers exploited the flaw and accessed sensitive personal information. It’s part of a global cyber-attack linked to the Russian ransomware group Clop, which has targeted hundreds of organisations using the same method.
What data was exposed?
If you were affected, the data leaked could include:
- Your full name and title
- Date of birth
- National Insurance number
- Home address (line 1)
- BBC email address
- BBC employment or engagement dates
- BBC ID number
In short, plenty of information that could be used for identity theft or fraud.
Who was affected?
The breach impacted current and former BBC staff, as well as contractors paid through PAYE. If you received a notification from the BBC explaining that your data was part of the breach, you could be eligible to claim compensation. And it’s not too late to join a claim.
What has the BBC done since?
The BBC acted quickly to inform those affected and offered a year’s free credit and web monitoring with Experian. They also advised people to update passwords, check bank accounts for suspicious activity, and report any suspected fraud.
While these steps are helpful, they don’t undo the stress and risk caused by the breach.
Why compensation matters
Organisations have a legal duty to protect your personal data, including when they work with outside suppliers. If those protections fall short and your data ends up in the wrong hands, you have a right to seek justice.
If your personal information was caught up in this data breach, you could be owed compensation.
What’s happening now?
Law firms are pursuing group claims on behalf of those affected. If you join the claim, you won’t have to pay anything upfront. It’s a no win, no fee case. That means there’s no financial risk to you.
If you worked for the BBC or were paid by them on a PAYE basis and received notice your data was involved in the breach, you may qualify for compensation.
Use our quick, secure tool to find out if you’re eligible, it only takes a minute.
