UK Communications Regulator Ofcom Says Hackers Stole Confidential Data

Article

The hackers responsible for the MOVEit cyberattack downloaded confidential information from UK communications regulator Ofcom about companies it regulates, as well as its own employees — adding to a string of victims which includes IAG SA’s British Airways and the British Broadcasting Corp.

“A limited amount of information about certain companies we regulate – some of it confidential – along with personal data of 412 Ofcom employees, was downloaded during the attack,” an Ofcom spokesman said by email. “We took immediate action to prevent further use of the MOVEit service and to implement the recommended security measures. We also swiftly alerted all affected Ofcom-regulated companies, and we continue to offer support and assistance to our colleagues.”

Ofcom didn’t respond to a follow-up question about which companies were affected. However, BT Group Plc, which runs mobile carrier EE and UK’s largest fixed network Openreach, was one of the companies whose information was taken, a spokesman said.

BT doesn’t use MOVEit software, the spokesman said.

“We’re working closely with Ofcom to assess the impact of any BT Group data that may have been exposed as part of this issue,” a BT spokesperson said. “We understand that any BT Group data involved relates to commercial and operational data, rather than sensitive personal information on our employees or customers.

Ofcom regulates British telecommunications, post, television and other communications services. MOVEit is a file transfer product from Progress Software Corp.

Photograph: The media watchdog OFCOM (Office of Communication) logo on the front of its London headquarters on Jan. 18, 2007. Photo credit: Bruno Vincent/Getty Images.