Big Issue subject to latest cybergang attack

The hackers claim to have stolen 550GB of confidential information

Big Issue subject to latest cybergang attack

Ransomware gang Qilin has claimed responsibility for hacking the Big Issue Group’s IT systems and stealing confidential data. The gang shared photos as evidence on its dark web page.

The information Qilin's teased on its dark web page includes the driving licence and salary information of the Big Issue Group's CEO, Paul Cheal. It also released the company's financials, which are not public.

The gang also compromised employee data, including personal addresses, employee details and passport scans. Qilin did not demand a ransom, but did accuse the Big Issue of trying to "hide the fact of hacking and leakage of personal data."

The Big Issue took "proactive steps" once it was aware of the cyber incident, which Cheal said has guaranteed that operations and magazine distribution are not affected. He added that the leak "is a criminal act against our social activities and the causes we work to promote."

The Group has notified both law enforcement and the ICO about the breach.

The Big Issue Group provides newspapers sold by the homeless in London, offering them a chance to earn an income. Cheal added, "we exist to support those living at the sharp end of poverty, who are facing barriers to opportunity."

Ransomware attacks on charitable organisations are common, such as the recent BianLian ransomware attack on Save the Children.

"The attack on the Big Issue shows the inhumanity of ransomware criminals… This is why it is essential for all organisations, including non-profits, to improve their cyber defences," added Trevor Dearing, director of critical infrastructure at Illumio.

Who is Qilin?

Qilin is a ransomware group primarily using phishing techniques to gain access to their victims' networks. It focuses on valuable data held by education, healthcare and critical services organisations. Qilin was responsible for eight confirmed ransomware attacks in 2023.

Once Qilin has accessed sensitive data, the gang encrypts it and demands payment for both the decrypting and its non-release. It publishes information about its victims on the dark web, and also offer Ransomware as a Service (RaaS) for the use of other criminals.

According to cybersecurity firm Group-IB, "many Qilin ransomware attacks are customised for each victim to maximise their impact."

Qilin is another name for the ransomware gang Agenda, which was discovered in 2022. While the name is taken from Chinese mythology, the gang is thought to be Russian.

The International Commissioner's Office has reported an increasing prevalence of ransomware attacks since 2020.

Cyber threats are rising, and IT leaders need the latest information to stay ahead of the curve. Join us at the Cybersecurity Festival on 2nd May, where we bring together the most senior and influential voices from security leaders throughout the UK. Click here to secure your free place.