A huge data breach exposing bank details of employees at thousands of firms, including UK staff at BA, Boots and BBC, has been confirmed today (June 5).
Hackers reportedly managed to exploit a flaw in the file transfer system named MOVEit Transfer, giving them access to masses of sensitive personal information from all of the companies that use it.
According to The Telegraph, the hack has been linked to a Russia-based group – following a spate of attacks linked to the country since Putin’s invasion of Ukraine.
The file transfer system, created by US-based Progress Software, is used by thousands of companies globally to transfer files and data between one another.
A vulnerability in the MOVEit system was discovered last week (June 1), although it was not confirmed how many companies had been compromised.
BA, the airline that had around 34,000 staff in the UK, announced today that it had been heavily affected by the data breach.
“We have been informed that we are one of the companies impacted by Zellis’s cybersecurity incident which occurred via one of their third-party suppliers called MOVEit,” a BA spokesperson told Sky News.
“Zellis provides payroll support services to hundreds of companies in the UK, of which we are one,” they added.
Zellis announced that eight of its customers had been impacted by the hack, including BA.
“A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software’s MOVEit Transfer product,” Zellis said in a statement.
“We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them.”
The BBC and Boots, which employs around 50,000, announced that their data had also been compromised.
Experts have spoken out on the attack, highlighting the need for tighter supply chain security.
Javvad Malik, lead security awareness advocate at KnowBe4, told Verdict: “The recent news involving the theft of sensitive data from BA and Boots highlights the importance of tightening up cybersecurity controls and the challenges of securing the supply chain.
“It’s also a reminder of how the exploitation of zero-day vulnerabilities represents one of the most significant threats to any IT team.”
John Shier, CTO at cyber security firm Sophos, agreed, reiterating that the “latest round of attacks is another reminder of the importance of supply chain security.”
GlobalData is the parent company of Verdict and its sister publications.