A recent attempt to bribe BBC News reporter Joe Tidy to assist a cybercriminal in breaching the BBC’s cyber defenses highlights the growing threat all organizations now face from within. Tidy was offered millions of pounds and told he need never work again if he assisted the threat actor. With the permission of his editor, the BBC reporter played along with the cybercriminals without actually assisting them in order to discover more about their methods.
This attempt to breach the BBC follows hard on the heels of a recent data breach at FinWise Bank in the US involving a former employee, which occurred on May 31, 2024, but was not discovered until June 18, 2025, exposing the personal details of 689,000 customers at First Finance, to whom FinWise contracts out. This and other breaches, such as an incident at cryptocurrency platform Coinbase, where overseas customer support staff were bribed to leak the personal information of around 70,000 customers, costing the crypto exchange roughly $400 million and resulting in a class-action lawsuit, highlight the growing insider threat.
Only the tip of a looming iceberg
But insider incidents that hit the headlines are thought to be only the tip of a looming iceberg, where cybercriminals seek to circumvent organizations’ cyber-defenses by colluding with target companies’ staff to effect a breach of their defenses. Once the breach has occurred, the company in question may soon find that critical and customer data has been stolen and encrypted and that the organization is suddenly at the mercy of a group of ruthless cybercriminals. Even sectors such as financial services, which have notoriously strong outer cyber-defenses, are proving to be increasingly vulnerable to this form of attack.
According to a joint report from the Association of Certified Anti-Money Laundering Specialists (ACAMS) and the non-profit anti-fraud organization, Cifas: “Financial institutions face a persistent and insidious risk from within. Employees with privileged access can facilitate fraud, embezzlement, data theft, insider trading, and even corporate sabotage. The consequences are severe: financial losses, regulatory penalties, reputational harm, and operational upheaval. Many organizations hesitate to disclose insider breaches. However, acknowledging and addressing the problem is critical.”
Staff members are frequently approached via encrypted platforms such as Telegram with the promise of huge rewards if they betray their employers. Disgruntled former employees are particularly vulnerable to this type of offer. It is, therefore, imperative that companies immediately revoke all access privileges and passwords in the case of staff who have resigned or who may have been made redundant.
