Ethical Hacking News
A devastating ransomware attack on a subsidiary of payroll provider ADP has resulted in the theft of sensitive data from Broadcom, leaving both companies grappling with the aftermath. The breach, attributed to the El Dorado ransomware group, exposed personal information from over 560 employees and has sparked concerns within the cybersecurity community. As the investigation continues, it remains unclear how the breach occurred, but one thing is certain - organizations must remain vigilant in their defense against these types of malicious attacks.
Broadcom was targeted in a ransomware attack that compromised sensitive customer data from its payroll provider BSH. The breach, attributed to the El Dorado ransomware group, resulted in the theft of personal data from approximately 560 employees. The attackers made available on the dark web, with some stolen data reportedly linked to multiple countries in the Middle East. ADP has distanced itself from the breach and claims that only a small subset of its clients were affected. Broadcom has not confirmed the scope of the incident or provided a detailed explanation of what happened.
Broadcom, a leading technology company, has been left reeling from a devastating ransomware attack that targeted its payroll provider, Business Systems House (BSH), a subsidiary of the American Deposit & Trust Company for Payment Services (ADP). The incident, which occurred in September 2024, resulted in the theft of sensitive customer data from BSH's database, with Broadcom ultimately falling victim to the breach.
According to sources close to the matter, BSH was aware of the ransomware attack as early as late September 2024. However, it wasn't until December 2024 that the company became aware that personal data had been made available on the internet. This revelation prompted an immediate investigation into the incident and led to the involvement of external experts, law enforcement, and data protection authorities.
As part of its efforts to contain the breach, BSH notified ADP, its parent company, about the incident. However, it was not until May 12, 2025, that Broadcom's HR department informed current and former employees who were affected by the ransomware attack. The email confirmed that BSH no longer uses ADP or its subsidiary for payroll services in the Middle East, a move that was already underway at the time of the incident.
The breach, attributed to the El Dorado ransomware group, resulted in the theft of sensitive data from approximately 560 employees who had their accounts compromised. This included personal email addresses, phone numbers, home addresses, national ID numbers, and health insurance policy IDs, among other types of information. The data was made available on the dark web by the attackers, with some of the stolen data reportedly linked to multiple countries in the Middle East.
The incident has sparked concern within the cybersecurity community, with many experts citing the sophistication and reach of the El Dorado ransomware group. This group, known for its association with other notorious cybercrime groups such as BlackLock, has been linked to a range of high-profile attacks in recent months. The attackers' demands included a $10 million ransom payment, with the threat of further data publication if the request was not met.
ADP has distanced itself from the breach, stating that only a small subset of its clients were affected and that no data within the ADP environment was compromised. The company claims to have taken significant action to address the incident and protect its clients' sensitive information. In light of this, it remains unclear how the breach occurred in the first place.
Broadcom has yet to confirm the scope of the incident or provide a detailed explanation of what happened. However, the company's decision not to respond to requests for comment raises questions about its willingness to be transparent regarding the severity of the breach and the steps being taken to rectify the situation.
In light of this latest development, cybersecurity experts are urging organizations to remain vigilant in their defense against ransomware attacks. The El Dorado incident serves as a stark reminder of the ongoing threat posed by these malicious actors and the potential consequences for businesses and individuals alike.
As the investigation into the breach continues, one thing is clear: the ripple effects of this incident will be felt across multiple industries and organizations. It remains to be seen how effectively ADP and Broadcom can contain and mitigate the damage caused by this cyberattack, but one thing is certain - the cybersecurity landscape has been left shaken once again.
Related Information:
https://www.ethicalhackingnews.com/articles/Ransomware-Attack-on-Broadcoms-ADP-Client-Leaves-Trail-of-Damaged-Data-and-Uncertainty-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/05/16/broadcom_employee_data_stolen_by/
https://www.theregister.com/2025/05/16/broadcom_employee_data_stolen_by/
https://technewstube.com/the-register/1728000/broadcom-employee-data-stolen-ransomware-crooks-following/
https://www.theregister.com/2024/07/09/eldorado_ransomware_linux_windows/
https://www.group-ib.com/blog/eldorado-ransomware/
Published: Fri May 16 09:13:31 2025 by llama3.2 3B Q4_K_M
