Supplier Ransomware Incident Notification

As a supplier of the Big Issue Group, we need to make you aware of a ransomware incident the Big Issue Group (BIG) became a victim of in late March 2024.

Upon discovery of the incident, we immediately engaged third party cyber security experts and took steps to contain the incident and recover our systems. Since then, we have, along with our third-party advisers, been taking steps to understand the wider impact of this incident, including undertaking a complex IT investigation. We have also notified regulators, including the UK Information Commissioner’s Office, and law enforcement, of the incident.

Our investigation into the incident is in its final stages and unfortunately, we have determined that some of your personal data has been impacted. We understand this may cause concern and we are sorry for this.

The data in question was present in our records because you are a current or former supplier of goods or services to a part of the Big Issue Group.

This notice includes important information regarding your personal data, the support we are offering and what you can do.

What this means for you

Our investigation identified that the following personal data relating to you has been impacted:

• Personal information including your name, home address, email (business and / or personal), telephone number.
• Bank account details (account number and sort code) that you provided to receive a payment.

The support we are providing

We would like to offer you 12 months of credit and identity monitoring services, provided by Experian’s “Identity Plus” service; a leader in this field. The monitoring service will alert you to any changes to your credit report (including if any applications were to be made in your name) as well as if your information is found online. You will find more details about accessing this service below.

What you can do

In addition, we understand that you may want to take additional steps to stay protected. Working with our external IT experts, we have set out below some steps that you can take in light of this incident to protect yourself and stay safe online. Best practice steps you can take include:

• Monitor your accounts: Keep an eye on your bank and other online accounts to monitor for any suspicious activity, such as attempts to login to internet services. If you see anything unusual, contact your bank immediately and explain that you’ve potentially been the victim of fraud. It’s also advisable to check your credit report to ensure credit isn’t taken out in your name. There are the three main credit agencies that can enable you to do this in the UK; these are Call Credit (also known as TransUnion), Experian and Equifax.

• Beware of scams: Be vigilant against any attempt by fraudsters (including those claiming to be related to The Big Issue Group and/or any of its group companies) who are attempting to contact you over the phone or email asking for personal information. This is known as “phishing” and again, there is a lot of information on how to spot these scams online such as https://www.ncsc.gov.uk/collection/phishing-scams.

• Report scams: You should report any such attempted scams to the police by calling the Action Fraud National Fraud & Cyber Crime Reporting Centre on 0300 123 2040 or by visiting https://www.actionfraud.police.uk/. 

• Consider password security: While you would not have provided us with any passwords, if you have reused or shared passwords across multiple services and devices, particularly if such passwords contained your date of birth or similar details to help you remember them, you may wish to consider implementing more secure passwords. There is a lot of helpful information online on how to set up strong passwords such as https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/use-a-strong-and-separate-password-for-email

Next steps

We take IT security and privacy matters incredibly seriously and, again, we are sorry for any concern caused. Whilst no organisation can guarantee absolute security given the ever-present cyber security challenge we all face – recent news stories demonstrate the size and scale of this issue – we, along with third party experts have undertaken an exhaustive IT investigation in respect of this incident, and we will continue to review the security processes we have in place on an ongoing basis.

The Big Issue Group exists to support those living at the sharp end of poverty, who are facing barriers to opportunity. This was an abhorrent act against our social enterprise and the causes we work to promote. Critically, despite the incident our staff continued to deliver against our mission to change lives through enterprise.

If you have further questions relating to the matters set out in this letter, the support we are offering and to access your Experian code, please contact us on 0115 804 9599* as soon as possible.

Yours sincerely,

Keren Segal

Group Chief Operating Officer

*Charges for calling 03 numbers are the same as for calls made to standard UK landline phone numbers starting 01 or 02.

If your landline or mobile phone package means you can call an 01 or 02 number as part of ‘free’ inclusive minutes, the same will apply to calling our 03 numbers.