The Cyber Attack on BSH Claimed by El Dorado Last Year Exposed Broadcom’s Employee Data
Published
- The Multinational tech giant Broadcom had its employee data compromised due to a supply chain attack
- The attack originated at BSH, which the company's payroll vendor relied upon for services
- The BSH attack was launched in September last year by the El Dorado ransomware group
In an indirect hit on Broadcom, a major global technology company, a ransomware attack on a partner company of their payroll provider led to its employee data breach. The cyber attack was targeted at Business Systems House (BSH), a Middle Eastern company that handles payroll processing.
A breach at BSH compromised Broadcom's employee data. The company is in the process of informing affected employees about the same while also confirming that they are no longer receiving services from either ADP or BSH.
Broadcom contracted with Automatic Data Processing, Inc. (ADP), an American company offering human resources management software, including payroll. And BSH was ADP’s partner for the Middle Eastern region.
The BSH suffered a ransomware attack at the hands of a group named El Dorado ransomware group in September 2024. During this incident, the group managed to steal employee information belonging to Broadcom.
BSH and ADP became aware of the security incident in late September 2024. In December, they discovered that the group had leaked sensitive data online.
“Because the data taken by the criminal actor was in an unstructured format, definitively determining which employees were impacted and, for each employee, which data fields were disclosed, was a lengthy process for BSH/ADP…,” The Register reported.
Broadcom remained unaware of its involvement in the data leak until May 12, 2025.
“Broadcom no longer uses ADP or, by extension, BSH for payroll in the Middle East, the internal email confirmed, and at the time of the incident, the company was in the process of switching payroll providers,” The Register added.
The exfiltrated data from Broadcom has not been disclosed yet. However, the company has been urging employees to enable multi-factor authentication on their accounts. And they are also urged to monitor their financial records to address any suspicious activity.
An ADP spokesperson shared that a small subset of ADP clients have been affected by the ransomware attack on BSH. They also confirmed that only certain Middle Eastern countries were impacted.
The full impact of the incident is not known yet however, all the threats to BSH have been mitigated.
Neither ADP’s systems nor its infrastructure or data were exposed to any third party during the security incident. The threat actors were not engaging with ADP.
“As soon as we were made aware of the impact to our clients and their employees, we took significant action to protect them and help BSH contain and remediate their security issue,” the ADP spokesperson concluded.
An AI-generated summary of El Dorado’s dark website read that they exfiltrated nearly 560 users in the BSH data breach. This included details of 5 BSH employees and interactions with five other third-party entities.
They had not posted any screenshots of the stolen data back in October 2024.
The group operates as a Ransomware-as-a-Service platform offering its tools to other cybercriminals to launch attacks. They have been reported by researchers as actively targeting companies since March 2024.
The group became inactive in March 2025. And they have been linked with another group, BlackLock, ever since. Ironically, BlackLock has also named BSH as it’s victim on its leak site.
BlackLock was also breached by security researchers after they found a vulnerability in its Data Leak Site on the TOR network.
Related
Most Popular
Most Popular