Hackers breach U.K. Pension Protection Fund, steal employee data

Hackers obtained data on some employees of the U.K.’s Pension Protection Fund after exploiting a third-party data transfer service, according to a fund spokesperson.

The Pension Protection Fund manages £39 billion of assets for its 295,000 members, according to its website. The fund protects people with a defined benefit pension when an employer becomes insolvent. By exploiting the Go Anywhere transfer service, intruders compromised some employee data, Jenny Peters, a spokesperson for the fund, said in a statement.

The hackers were able to access the some of the fund’s data via GoAnywhere, which it uses for some secure data transfer, Ms. Peters said. The stolen information “was not related to our members or pensioners,” she said.

Affected employees were offered support in the form of an Experian monitoring service.

The ransomware gang Cl0p on Thursday claimed it had targeted the organization. The Cl0p group published a post on its website listing the Pension Protection Fund as one of its recent victims. The gang is known for using ransomware to encrypt its victims’ computers so they can’t be accessed, then demanding payment to unlock the files, while at the same time threatening to publish stolen information online.

GoAnywhere developer Fortra disclosed in early February that hackers had exploited a software vulnerability in its data transfer product. The Cl0p gang claimed it had exploited the security hole in GoAnywhere to steal data from over 130 organizations, according to the technology news website Bleeping Computer. A representative for Fortra didn’t immediately respond to a request for comment.

Read more @Pensions&Investements 

215 views