Data Breach at BT Conferencing: Black Basta Claims 500GB Haul, BT Confirms Attack
The British telecom giant BT Group has faced a cyberattack attempt targeting a division within its legacy business structure. The hacker group Black Basta has claimed responsibility for the incident, listing the company’s name on their website. However, the actual target was far narrower in scope: BT Conferencing, a subsidiary based in Massachusetts.
BT Group confirmed that the attack was aimed at specific elements of the BT Conferencing platform, which were promptly disabled and isolated. According to the company, the affected servers have no impact on the operation of BT Conferencing, which remains fully operational. Other group services and customer data were not compromised. The incident is under investigation in collaboration with regulatory and law enforcement agencies.
Black Basta alleges the theft of approximately 500 GB of data, including financial records, non-disclosure agreements, user information, and other documents. Samples shared on the group’s site reportedly include scans of identification cards, visa documents, and employee bonus details. However, much of the material appears to date back to the previous decade.
Black Basta, operating under a Ransomware-as-a-Service (RaaS) model since April 2022, has targeted numerous high-profile organizations, including the German defense company Rheinmetall, Swiss robotics firm ABB, and UK technology outsourcing company Capita.
According to the FBI and CISA, Black Basta and its affiliates attacked over 500 organizations between April 2022 and May 2024. The group has encrypted and stolen data from at least 12 of the 16 critical infrastructure sectors.
Following the disbandment of the cybercrime syndicate Conti in May 2022, several splinter groups emerged, one of which is believed to be Black Basta. Research by Elliptic and Corvus Insurance reveals that the group has extorted at least $100 million in ransoms from more than 90 victims as of November 2023. Notably, the group reportedly attacked at least 20 victims within its first two weeks of operation.