BT Group hit by Black Bast ransomware gang, took servers offline
Learn More
BT Group (formerly British Telecom), the United Kingdom's leading telecommunications provider, has confirmed a security incident involving the Black Basta ransomware group targeting their BT Conferencing division. The company has shut down affected servers after detecting the breach.
BT maintains that the incident was contained to specific elements of their conferencing platform, which were isolated, and that live conferencing services remain operational with no impact on other BT Group or customer services.
The Black Basta ransomware group claims to have exfiltrated approximately 500GB of data and has published folder listings and document screenshots as proof of their claims. They have added a countdown on their dark web site, threatening to release the allegedly stolen data.
Black Basta claims to have stolen data, including:
- Financial data
- Organizational data
- User data and personal documents
- NDA documents
- Confidential information
- Employee personal information (including passport images)
BT Group has not disclosed whether any systems were encrypted or if data was successfully exfiltrated. The incident remains under investigation, with BT Group working alongside regulatory and law enforcement bodies as part of their response.
