Ofcom, the UK media watchdog, has revealed that it was targeted in a mass cyber-attack that also compromised the BBC, Boots and British Airways.
Last week, hackers managed to infiltrate a flaw in the file transfer system named MOVEit Transfer, giving them access to masses of sensitive personal information from all of the companies that use it.
The data breach, which has been linked to a Russian ransomware group, saw thousands of employees’ sensitive data compromised – including bank details and addresses.
Ofcom said on Monday (12 June) that the personal information of 412 employees was downloaded during the cyber attack.
The attack also revealed confidential data about some of the companies regulated by the watchdog, Ofcom confirmed.
“A limited amount of information about certain companies we regulate – some of it confidential – along with personal data of 412 Ofcom employees, was downloaded during the attack,” Ofcom said in a statement.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalData“We took immediate action to prevent further use of the MOVEit service and to implement the recommended security measures. We also swiftly alerted all affected Ofcom-regulated companies, and we continue to offer support and assistance to our colleagues.”
MOVEit, created by US-based Progress Software, is used by thousands of companies globally to transfer files and data between one another.
Jim Tiller, CISO at digital services consultancy Nash Squared, told Verdict: “Any organisation that has used MOVEit must assume their data is in the wrong hands.”
Tiller said that all the organisations who have used MOVEit should “urgently review and categorise all their information assets that are likely to have been stolen to understand what represents the greatest threat to extortion and prioritise accordingly.”
GlobalData is the parent company of Verdict and its sister publications.