CyberSecurity news
FlagThis
Dissent@DataBreaches.Net
//
A ransomware attack on Business Systems House (BSH), a Middle Eastern partner of payroll provider ADP, resulted in the theft of Broadcom employee data in September 2024. The breach was claimed by the El Dorado ransomware group, who according to open source trackers, took responsibility in November of that year. Broadcom, a multinational semiconductor and infrastructure software company, used ADP for payroll processing, with BSH functioning as ADP’s regional provider in the Middle East.
Broadcom was in the process of transitioning away from ADP and BSH at the time of the attack; however, the switch had not been finalized. Sensitive data was compromised, and although the data was leaked online in December 2024, Broadcom was not informed about the breach until May 12, 2025. The delay in notification highlights the challenges organizations face in monitoring and securing extended vendor ecosystems. The stolen data was in an unstructured format, complicating the process of identifying affected employees and the specific data fields disclosed.
After discovering the attack, BSH/ADP have been working with ADP and outside experts to investigate the incident and take the necessary steps to harden BSH's environment to protect from similar attacks. Local law enforcement and data protection authorities have been notified. It's understood Broadcom's HR department has begun the process of informing current and former staff who are affected by the ransomware attack.
References :
Broadcom was in the process of transitioning away from ADP and BSH at the time of the attack; however, the switch had not been finalized. Sensitive data was compromised, and although the data was leaked online in December 2024, Broadcom was not informed about the breach until May 12, 2025. The delay in notification highlights the challenges organizations face in monitoring and securing extended vendor ecosystems. The stolen data was in an unstructured format, complicating the process of identifying affected employees and the specific data fields disclosed.
After discovering the attack, BSH/ADP have been working with ADP and outside experts to investigate the incident and take the necessary steps to harden BSH's environment to protect from similar attacks. Local law enforcement and data protection authorities have been notified. It's understood Broadcom's HR department has begun the process of informing current and former staff who are affected by the ransomware attack.
Share:
References :
- DataBreaches.Net: Ransomware Attack on ADP Partner Exposes Broadcom Employee Data
- The Register - Security: Broadcom employee data stolen by ransomware crooks following hit on payroll provider
- malware.news: Ransomware attack on ADP partner exposes Broadcom employee data
- databreaches.net: Ransomware Attack on ADP Partner Exposes Broadcom Employee Data
- Rescana: Broadcom Data Breach: Ransomware Attack on Business Systems House Highlights Third-Party Cybersecurity Risks
- AAKL: A ransomware attack at a Middle Eastern business partner of payroll company ADP has led to customer data theft at Broadcom, The Register has learned.
- www.techradar.com: Broadcom hit by employee data theft after breach in supply chain
Classification:
- HashTags: #RansomwareAttack #DataBreach #ThirdPartyRisk
- Company: ADP
- Target: Broadcom Employees
- Attacker: El Dorado
- Product: ADP Payroll
- Feature: data theft
- Malware: El Dorado
- Type: Ransomware
- Severity: Major