A cyberattack involving payroll firm Zellis has hit UK companies Boots, British Airways, and the BBC.
According to a report by The Telegraph, all three confirmed being among the victims of a hack perpetrated through a third-party software. Potentially stolen data include national insurance numbers and bank account details, as well as names and addresses.
It was reported that the breach was carried out via MOVEit, a file transfer software used by Zellis. Eight Zellis clients are thought to have been affected by the hack.
It was noted that Boots has 52,000 employees; British Airways, 34,000; and the BBC, 22,000.
Zellis, affected clients of which include Irish airline Aer Lingus, was quoted as saying in a statement: “We can confirm that a small number of our customers have been impacted by this global issue, and we are actively working to support them.
“We have also notified the ICO (Information Commissioner’s Office), DPC (Data Protection Commission), and the NCSC (National Cyber Security Centre) in both the UK and Ireland. We employ robust security processes across all of our services, and they all continue to run as normal.”
MOVEit, meanwhile, has offered assurances that the exploited vulnerability is already fixed.
As for the perpetrators, BleepingComputer reported that the Clop ransomware gang has claimed responsibility for the attack, which hit not just Zellis but other users of MOVEit.
What do you think about this cyber story? Share your thoughts in the comments below.