the big issue hack claim by qilin
Qilin posted on its website that it hacked The Big Issue

Ransomware group Qilin today claimed to have stolen 550 GB of data from The Big Issue, a UK-based street newspaper. The data breach includes personal data, contracts, financial reports, and other private info, according to Qilin. Qilin posted screenshots that allegedly prove its claim, including scans of employee passports.

The Big Issue responded to Comparitech’s request for comment with the following statement:

“Last week, the Big Issue Group experienced a cyber incident. On becoming aware of this, we took immediate steps to restrict access to our systems, working with external IT security experts, and the investigation into the incident is ongoing. Thanks to the proactive steps taken, we have been able to begin restoring our systems and are operating with limited disruption. The publication and distribution of the Big Issue magazine is not impacted by this incident.

 

As part of our investigation, we’ve identified that certain data related to our organisation has been posted to the dark web by the perpetrators of this incident. We’re working with our external IT expert to complete our investigation as a matter of priority alongside the NCSC, the National Crime Agency, and the Metropolitan Police. In addition, we have notified relevant regulators and would like to thank our staff, partners, and suppliers for their patience whilst our investigation continues.

 

This is a criminal act against our social activities and the causes we work to promote. […]”

Prior to giving that statement, Qilin stated on its website, “[The Big Issue] wants to hide the fact of hacking and leakage of personal data.”

The Big Issue hasn’t specified what data was stolen, whether a ransom was demanded or paid, or how Qilin infiltrated its system.

What data was affected?

Qilin on March 26, 2024 claimed to have stolen the following data:

  • Personnel: copies of documents, employee personal data
  • Contracts: reports, partner data
  • Financial reports, transactions, income

Qilin specifically mentions data from Big Issue Invest, a social impact investing solution that since 2005 says it has invested over £80 million in more than 550 organisations that help people in poverty. It has 140 investees and £45 million in assets under management, according to its website.

The Big Issue has neither confirmed nor denied Qilin’s claims.

Who is Qilin?

Qilin, also known as Agenda, is a Russia-based hacking group that mainly targets victims through phishing emails to spread its ransomware. It launched in August 2022 and also offers ransomware-as-a-service to third parties. Most of its targets up to this point have been in Asia and Africa.

Its attacks usually involve double extortion, in which Qilin demands payment to decrypt files encrypted by its ransomware, as well as a second payment in exchange for not releasing or selling stolen data.

In 2023, Qilin was responsible for eight confirmed ransomware attacks across the world, including its attack on Australia’s Court Services Victoria. This year, Qilin appears to have upped the number of claims. According to our data, Qilin claimed 29 attacks this year so far (none of which have been confirmed yet), four more than it claimed throughout the entire second-half of 2023 (25).

What can I do if this attack affects me?

Affected employees, investors, and customers should take steps to protect their accounts and identities from potential compromise. Keep an eye on your financial accounts for suspicious activity, monitor your credit, and be wary of phishing emails and messages from scammers posing as The Big Issue or a related company. If you have an account with The Big Issue, change your password immediately (as well as any other accounts that share the same password.

About The Big Issue

The Big Issue is one of the UK’s leading social businesses and and says it exists to offer homeless people, or individuals at risk of homelessness, the opportunity to earn a legitimate income, thereby helping them to reintegrate into mainstream society. It is one of the world’s most widely circulated street newspapers.

A spokesperson for The Big Issue told Comparitech, “Founded in 1991, the Big Issue Group is a social business, with media, investment, recruitment and campaigning arms, working under one shared mission, to create innovative solutions through enterprise, to unlock social and economic opportunity for the millions of people in the UK living in poverty. ”