BT Group, the UK’s leading telecommunications provider, confirmed a security breach involving its BT Conferencing business division, attributed to the Black Basta ransomware group. The attack led to the shutdown of several servers, with BT taking immediate action to isolate and secure the affected infrastructure. According to a company spokesperson, the breach was confined to specific elements of the BT Conferencing platform, which was swiftly taken offline to prevent further damage. Despite the incident, BT clarified that live conferencing services remained operational, and no other BT Group services were impacted.
The Black Basta ransomware group, known for its Ransomware-as-a-Service (RaaS) model, claimed responsibility for the breach and allegedly stole 500GB of sensitive data from BT Conferencing’s servers. The stolen information is said to include financial documents, organizational data, personal information, and confidential company files, some of which were shared by the attackers as proof of their claims. The gang also published folder listings and screenshots of documents related to BT’s hiring processes, further confirming the breach’s severity.
In addition to the data theft, Black Basta added a countdown timer on its dark web leak site, warning that the stolen information would be released within the next week unless a ransom was paid. While BT maintained that the incident was an attempted compromise, the evidence provided by the attackers suggests a more significant breach, raising concerns over the potential exposure of sensitive corporate data. The company is actively investigating the breach, working with law enforcement and regulatory bodies to determine the full scope of the attack.
Black Basta has been notorious for its high-profile attacks on major organizations worldwide, with past victims including healthcare providers, government contractors, and defense companies. Since its emergence in April 2022, the ransomware group has targeted over 500 organizations, demanding millions of dollars in ransom payments. This latest attack on BT highlights the ongoing threat posed by ransomware gangs and underscores the need for companies to implement robust cybersecurity measures to defend against such sophisticated threats.
Reference:
