BT unit took servers offline after Black Basta ransomware breach
Multinational telecommunications giant BT Group (formerly British Telecom) has confirmed that its BT Conferencing business division shut down some of its servers following a Black Basta ransomware breach.
BT Group is the United Kingdom's leading fixed and mobile telecom provider. It also provides managed telecommunications, security, and network and IT infrastructure services to customers in 180 countries.
A company spokesperson told BleepingComputer that the security incident didn't impact BT Group's operations or BT Conferencing services, so it is unclear if any systems were encrypted or only data stolen.
"We identified an attempt to compromise our BT Conferencing platform. This incident was restricted to specific elements of the platform, which were rapidly taken offline and isolated," BleepingComputer was told.
"The impacted servers do not support live BT Conferencing services, which remain fully operational, and no other BT Group or customer services have been affected."
While BT said there was only an attempt to compromise their platform, they also said they took impacted servers offline.
This comes after the Black Basta ransomware gang claimed they breached the company's servers and allegedly stole 500GB of data, including financial and organizational data, "users data and personal docs," NDA documents, confidential information, and more.
The cybercrime group also published folder listings and multiple screenshots of documents requested by the company during the hiring process as proof of their claims.
The ransomware gang also added a countdown to their dark web leak site, saying the allegedly stolen data would be leaked next week.
With the threat actors now claiming to have stolen hundreds of GBs of documents from BT Conferencing servers, it looks like this was a serious breach rather than just an attempt.
"We're continuing to actively investigate all aspects of this incident, and we're working with the relevant regulatory and law enforcement bodies as part of our response," the BT Group spokesperson added.
The Black Basta Ransomware-as-a-Service (RaaS) operation surfaced in April 2022 and has claimed many high-profile victims worldwide, including healthcare companies and government contractors.
Some of its most notable victims include U.S. healthcare giant Ascension, U.K. tech outsourcing firm Capita, German defense contractor Rheinmetall, government contractor ABB, Hyundai's European division, the Toronto Public Library, the American Dental Association, and Yellow Pages Canada.
CISA and the FBI said in May that Black Basta affiliates have breached over 500 organizations, collecting at least $100 million in ransom payments from over 90 victims until November 2023.
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
InformationalCross Site Scripting (Persistent) - Spider
MediumInteger Overflow Error
MediumFormat String Error
InformationalAuthentication Request Identified
InformationalASP.NET ViewState Disclosure
Free online web security scanner
