Tim Toole reports:
A ransomware attack on Business Systems House (BSH), a Middle Eastern partner of payroll provider ADP, led to Broadcom employee data theft in September 2024. Data was leaked online in December, but Broadcom wasn’t informed until May 2025. The El Dorado ransomware group claimed responsibility for the breach, which occurred as Broadcom was transitioning payroll providers.
The recent disclosure of a ransomware-driven data breach at Broadcom has sent fresh ripples through the tech and cybersecurity community, highlighting the persistent risks inherent in supply chain and third-party data management. As reported by The Register, a Middle Eastern partner of payroll services giant ADP, Business Systems House (BSH), fell victim to a ransomware attack in September 2024—a breach that ultimately resulted in the compromise of sensitive Broadcom employee data.
The incident’s timeline underscores the challenges organizations face in monitoring and securing extended vendor ecosystems. Broadcom, a multinational semiconductor and infrastructure software company, had utilized ADP for payroll processing, with BSH functioning as ADP’s regional provider in the Middle East. At the time of the breach, Broadcom was already in the process of transitioning away from both ADP and BSH, but crucially, the switch had not been finalized when attackers struck.
Read more at WebProNews.