TZUTC: -0500   
   MSGID: 1137.consprcy@1:2320/105 2c93172f   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Broadcom hit by employee data theft after breach in ADP payroll system   
      
   Date:   
   Mon, 19 May 2025 10:43:00 +0000   
      
   Description:   
   ADP's business partner got served ransomware last September, an incident that   
   cascaded all the way to Broadcom.   
      
   FULL STORY   
      
   Customers of the global semiconductor giant Broadcom have had their sensitive   
   data leaked on the dark web after a two-step supply chain attack. Apparently,   
   a company called Business Systems House (BSH), a human capital management   
   (HCM) services provider from the Middle East, suffered a ransomware attack in   
   September 2024, in which a group known as El Dorado (later rebranded as   
   BlackLock), stole its files.    
      
   This firm is a business partner of payroll company ADP which, in turn, worked   
   with Broadcom. In fact, the chip giant was in the process of switching    
   payroll providers when the incident happened, meaning it almost dodged that   
   bullet.    
      
   However, in December 2024, the two firms discovered the stolen data on the   
   internet. Because the data taken by the criminal actor was in an unstructured   
   format, definitively determining which employees were impacted and, for each   
   employee, which data fields were disclosed, was a lengthy process for    
   BSH/ADP, and this information was not made available to Broadcom until May    
   12, 2025, it was explained.    
      
   According to The Register , who first broke the story, the attackers made    
   away with the following data: National ID numbers National health insurance    
   ID numbers Health insurance policy/ID numbers Financial account numbers Dates   
   of birth Salary details Employment termination date Personal email addresses   
   Personal phone numbers Home addresses    
      
   Broadcom urged everyone to turn on MFA and any other security settings that   
   their financial institutions provide. Furthermore, it warned users to monitor   
   their financial records.    
      
   Youll be forgiven for not knowing who El Dorado is. It is a relatively new   
   ransomware operation, emerging in March 2024, and already rebranded to   
   BlackLock. The files stolen from Broadcom were posted on the BlackLock leak   
   site, as well. Allegedly, the group consists of Russian-speaking individuals.    
      
   Broadcom serves a diverse range of customers across various industries,   
   including technology, finance, healthcare, and telecommunications. Some of    
   the biggest names include Apple, Samsung, Cisco, British Airways, and many   
   others. ADP, The Register claims, is no worse, but so far, no one reported   
   losing data.    
      
    Via The Register   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/broadcom-hit-by-employee-data-theft-aft   
   er-breach-in-adp-payroll-system   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428   
   SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200   
   SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426