TZUTC: -0500
MSGID: 1137.consprcy@1:2320/105 2c93172f
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
Broadcom hit by employee data theft after breach in ADP payroll system

Date:
Mon, 19 May 2025 10:43:00 +0000

Description:
ADP's business partner got served ransomware last September, an incident that
cascaded all the way to Broadcom.

FULL STORY

Customers of the global semiconductor giant Broadcom have had their sensitive
data leaked on the dark web after a two-step supply chain attack. Apparently,
a company called Business Systems House (BSH), a human capital management
(HCM) services provider from the Middle East, suffered a ransomware attack in
September 2024, in which a group known as El Dorado (later rebranded as
BlackLock), stole its files. 

This firm is a business partner of payroll company ADP which, in turn, worked
with Broadcom. In fact, the chip giant was in the process of switching 
payroll providers when the incident happened, meaning it almost dodged that
bullet. 

However, in December 2024, the two firms discovered the stolen data on the
internet. Because the data taken by the criminal actor was in an unstructured
format, definitively determining which employees were impacted and, for each
employee, which data fields were disclosed, was a lengthy process for 
BSH/ADP, and this information was not made available to Broadcom until May 
12, 2025, it was explained. 

According to The Register , who first broke the story, the attackers made 
away with the following data: National ID numbers National health insurance 
ID numbers Health insurance policy/ID numbers Financial account numbers Dates
of birth Salary details Employment termination date Personal email addresses
Personal phone numbers Home addresses 

Broadcom urged everyone to turn on MFA and any other security settings that
their financial institutions provide. Furthermore, it warned users to monitor
their financial records. 

Youll be forgiven for not knowing who El Dorado is. It is a relatively new
ransomware operation, emerging in March 2024, and already rebranded to
BlackLock. The files stolen from Broadcom were posted on the BlackLock leak
site, as well. Allegedly, the group consists of Russian-speaking individuals. 

Broadcom serves a diverse range of customers across various industries,
including technology, finance, healthcare, and telecommunications. Some of 
the biggest names include Apple, Samsung, Cisco, British Airways, and many
others. ADP, The Register claims, is no worse, but so far, no one reported
losing data. 

 Via The Register

======================================================================
Link to news story:
https://www.techradar.com/pro/security/broadcom-hit-by-employee-data-theft-aft
er-breach-in-adp-payroll-system

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428
SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200
SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 3634/12 5075/35
PATH: 2320/105 229/426