Cyber Incident Victim: Sky

In early January 2023, Sky confirmed a cybersecurity incident affecting its customer accounts after multiple subscribers received breach notifications. A company spokesperson stated that cybercriminals had gained unauthorized access to a limited number of Sky customer accounts, though the exact entry method remained under investigation. Sky implemented immediate IT security measures to terminate the unauthorized access upon detection. The company launched an internal investigation and notified relevant data protection authorities in accordance with regulatory requirements. Affected customers received direct communications confirming the breach timeline, with Sky emphasizing that accounts not contacted through verified channels by January 27, 2023, remained unaffected. Preliminary findings indicated attackers potentially accessed personal data during the limited breach window, though full payment information remained protected through standard data masking protocols that obscured all but the last five digits of IBAN and credit card numbers.

Sky's investigation remained ongoing as of the initial disclosure, with no evidence of substantive data misuse beyond unauthorized subscription upgrades observed in some compromised accounts. The company declined to specify the number of impacted subscribers but publicly acknowledged potential inconveniences to affected customers while committing to prevent financial losses stemming from the incident. Forensic analysis suggested attackers obtained temporary access to personally identifiable information, though the complete scope of exposed data fields remained undetermined during the initial response phase. Sky maintained that security protocols prevented full payment data exposure and established procedures to reverse fraudulent subscription charges. The broadcaster's communications emphasized containment of the breach through prompt access termination and ongoing coordination with regulatory bodies throughout the investigation process.