Prospect Union

The cyber-attack on Prospect Union, the parent organization of Bectu, compromised the personal data of 150,000 members, including those in highly sensitive roles at the Ministry of Defence, military suppliers, the civil service, the nuclear sector, and national security agencies (e.g., DSTL). The breached data included bank details, contact information, birth dates, and protected characteristics, raising concerns about national security risks and potential exposure to hostile state actors. Members in defense and security-related professions criticized the four-month delay in disclosure, arguing that their personal security was jeopardized, especially for those handling classified operations. The attack’s scope suggests a targeted breach with severe implications, given the union’s representation of individuals in critical infrastructure and government roles. The Metropolitan Police’s cybercrime unit and the UK’s Information Commissioner’s Office (ICO) are investigating, with suspicions of possible state-sponsored involvement. The union has not confirmed whether a ransom was paid or whether ransomware was involved, but the scale and sensitivity of the data indicate a high-severity incident with broad systemic risks.

Source: https://deadline.com/2025/10/cyber-attack-prospect-parent-union-sparks-national-security-concerns-1236592593/

TPRM report: https://www.rankiteo.com/company/prospect_3

"id": "pro1032210102125",
"linkid": "prospect_3",
"type": "Cyber Attack",
"date": "10/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'customers_affected': '150,000',
                        'industry': ['Labor Representation',
                                     'Public Sector',
                                     'Entertainment (via Bectu)'],
                        'location': 'United Kingdom',
                        'name': 'Prospect Union',
                        'size': '150,000 members',
                        'type': 'Trade Union'},
                       {'industry': 'Entertainment',
                        'location': 'United Kingdom',
                        'name': 'Bectu (Broadcasting, Entertainment, '
                                'Communications and Theatre Union)',
                        'type': 'Subsidiary Union'},
                       {'industry': 'Defense',
                        'location': 'United Kingdom',
                        'name': 'UK Ministry of Defence',
                        'type': 'Government Department'},
                       {'industry': 'Defense & Security Technology',
                        'location': 'United Kingdom',
                        'name': 'Defence Science and Technology Laboratory '
                                '(DSTL)',
                        'type': 'Government Agency'},
                       {'industry': 'Public Administration',
                        'location': 'United Kingdom',
                        'name': 'UK Civil Service (various departments)',
                        'type': 'Government'},
                       {'industry': 'Energy',
                        'location': 'United Kingdom',
                        'name': 'UK Nuclear Sector (members represented by '
                                'Prospect)',
                        'type': 'Critical Infrastructure'}],
 'customer_advisories': 'Delayed notifications to affected members (October '
                        '2023, four months post-breach); online Q&A sessions '
                        'with General Secretary',
 'data_breach': {'data_exfiltration': 'Likely (data accessed and potentially '
                                      'exfiltrated)',
                 'number_of_records_exposed': '150,000',
                 'personally_identifiable_information': 'Yes (birth dates, '
                                                        'protected '
                                                        'characteristics, '
                                                        'contact details)',
                 'sensitivity_of_data': 'High (includes national security '
                                        'personnel data)',
                 'type_of_data_compromised': ['Bank details',
                                              'Contact details',
                                              'Personal identifiers (birth '
                                              'dates, protected '
                                              'characteristics)']},
 'date_detected': '2023-06',
 'date_publicly_disclosed': '2023-10',
 'description': 'The cyber-attack on Prospect, the parent union of film and TV '
                'group Bectu, compromised the personal data of ~150,000 '
                'members, including those in sensitive roles at the UK '
                'Ministry of Defence, military suppliers, and government '
                'departments. Breached data included bank details, contact '
                'information, birth dates, and protected characteristics. The '
                'incident, detected in June, was disclosed to members four '
                'months later, raising concerns about national security risks '
                'and delayed notification. The Metropolitan Police’s '
                'cybercrime unit and the UK’s Information Commissioner’s '
                'Office (ICO) are investigating. The threat actor remains '
                'undisclosed, with speculation about potential state '
                'involvement.',
 'impact': {'brand_reputation_impact': 'Significant (trust erosion among '
                                       'members, especially those in sensitive '
                                       'roles)',
            'customer_complaints': 'High (members expressed dissatisfaction '
                                   'over delayed notification and potential '
                                   'security risks)',
            'data_compromised': ['Bank details',
                                 'Contact details',
                                 'Personal identifiers (birth dates, protected '
                                 'characteristics)'],
            'identity_theft_risk': 'High (personal identifiers and bank '
                                   'details exposed)',
            'legal_liabilities': 'Potential (ICO investigation ongoing; '
                                 'possible fines or legal actions)',
            'payment_information_risk': 'High (bank details compromised)'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Speculated (members '
                                                    'expressed concerns about '
                                                    'data ending up with '
                                                    'hostile state actors)',
                           'high_value_targets': ['UK national security '
                                                  'personnel (DSTL, Ministry '
                                                  'of Defence)',
                                                  'Civil servants',
                                                  'Nuclear sector employees']},
 'investigation_status': 'Ongoing (Metropolitan Police and ICO investigations)',
 'ransomware': {'ransom_paid': 'Unconfirmed (Prospect declined to comment)'},
 'references': [{'date_accessed': '2023-10',
                 'source': 'Deadline',
                 'url': 'https://deadline.com'},
                {'date_accessed': '2023-10',
                 'source': 'UK Information Commissioner’s Office (ICO)',
                 'url': 'https://ico.org.uk'}],
 'regulatory_compliance': {'legal_actions': 'ICO enquiries ongoing; potential '
                                            'full investigation',
                           'regulations_violated': 'Potential violation of UK '
                                                   'GDPR (delayed notification '
                                                   'to affected individuals)',
                           'regulatory_notifications': 'Yes (ICO and employers '
                                                       'in sensitive sectors '
                                                       'notified)'},
 'response': {'communication_strategy': 'Delayed but tailored notifications to '
                                        'affected members; online calls with '
                                        'members by General Secretary Mike '
                                        'Clancy',
              'incident_response_plan_activated': 'Yes (extensive work to '
                                                  'scope impact and tailor '
                                                  'communications)',
              'law_enforcement_notified': 'Yes (Metropolitan Police’s '
                                          'cybercrime unit investigating)'},
 'stakeholder_advisories': 'Talks held with employers in sensitive sectors '
                           '(e.g., Ministry of Defence, DSTL)',
 'title': 'Cyber-Attack on Prospect Union Compromises Data of 150,000 Members, '
          'Including UK National Security Personnel',
 'type': ['Data Breach', 'Cyber-Attack']}