Ransomware attack on payroll subsidiary exposes sensitive info if Broadcom employees
Learn More
Broadcom is reporting a data breach affecting hundreds of its employees following a ransomware attack on one of its payroll service providers.
The incident originated in September 2024 and involved Business Systems House (BSH), a Middle Eastern subsidiary of global payroll company ADP. The breach remained undetected until December 2024 when stolen data began appearing online, and Broadcom was not informed about which specific employees were affected until May 12, 2025.
The security incident has been attributed to the cybercriminal organization known as the El Dorado ransomware group. The attack initially compromised five employee accounts at the payroll provider, ultimately exposing personal and sensitive information of 560 Broadcom employees based in Middle Eastern countries. The exposed data includes:
- National identification numbers
- Financial account numbers
- Health insurance details
- Dates of birth
- Salary information
- Contact details
ADP has largely distanced itself from the incident, describing it as affecting only "a small subset of ADP clients" in "certain countries in the Middle East."
Broadcom has not publicly disclosed specific remediation steps or offered any compensation or credit monitoring services to affected employees at this time.
