British Airways has already informed 34,000 UK employees about the massive cyber attack, while the BBC has also acknowledged the incident.
In a shocking revelation, it has been uncovered that tens of thousands of employees from prominent UK companies, including British Airways (BA), the British Broadcasting Corporation (BBC), and Boots, may have fallen victim to a large-scale data breach suspected to be linked to a cyber attack originating from Russia.
The breach, which has raised serious concerns over cybersecurity, has reportedly exposed the personal information of affected individuals.
The alarming incident came to light after BA issued a warning to its 34,000-strong workforce, notifying them of a significant “cybersecurity incident” resulting in the disclosure of personal data belonging to employees paid through BA’s payroll systems in the UK and Ireland.
The compromised information encompasses a range of sensitive details, including names, addresses, national insurance numbers, banking information, and other personal records. What’s worse, British Airways was also a victim of a data breach in 2018, during which the personal and financial details of 380,000 of its customers were stolen.
Sources indicate that the breach is associated with Zellis, BA’s payroll provider, and that other firms working with the company have also fallen victim to the attack. Boots, a well-known UK pharmacy chain, sent out emails to its employees, informing them that their names, surnames, employee numbers, dates of birth, email addresses, and partial home addresses have been affected. It is believed that a small fraction of Boots employees may have had additional data compromised as well.
The BBC, a renowned broadcasting institution, has also confirmed that it was affected by the breach. A spokesperson for the organization stated that they were aware of the data breach at Zellis, their third-party supplier, and are actively cooperating with them to investigate the extent of the incident. Emphasizing the significance of data security, the spokesperson gave assurances that the BBC is following established reporting procedures to address the issue.
Zellis, which provides payroll services to numerous major companies, including the National Health Service (NHS) and Jaguar Land Rover, has reportedly suffered a breach affecting eight of its clients.
According to local British media reports, the cyber attack is suspected to be the work of a Russian-speaking cybercrime gang known as Cl0p, as noted by security researchers.
Reportedly, the hackers gained unauthorized access to sensitive data by exploiting a vulnerability in MOVEit, file transfer software used by Zellis.
MOVEit’s vulnerability was first identified by its creator, Progress Software, which promptly alerted its customers, urging them to take immediate action by deleting any unauthorized user accounts created by the hackers.
Rafe Pilling, a principal researcher at Secureworks, a cybersecurity company, disclosed that the Cl0p ransomware gang has been actively targeting vulnerable servers recently. He said that his team is currently engaged in multiple incident response tasks associated with this particular hack, strongly suggesting a link between the attacks on BA and Boots.
Zellis has assured the public that it is actively assisting the affected customers and has taken swift action in response to the incident. Upon becoming aware of the breach, Zellis disconnected the server utilizing the compromised MOVEit software and engaged an external security incident response team for forensic analysis and ongoing monitoring.
The Information Commissioner’s Office (ICO), Data Protection Commission (DPC), and the National Cyber Security Centre (NCSC) in both the UK and Ireland have been notified.
BA has stated that the breach was a result of a previously unknown vulnerability in the widely used MOVEit file transfer tool, supplied by Zellis. The company has reached out to affected individuals, offering support and guidance in light of the compromised personal information.
Progress Software has also acknowledged the situation, confirming their investigation into the vulnerability in MOVEit Transfer and MOVEit Cloud. The company promptly alerted customers, implemented immediate mitigation steps, disabled web access to MOVEit Cloud, and developed a security patch to address the vulnerability within 48 hours.
They further asserted their collaboration with leading cybersecurity experts to thoroughly investigate the incident and ensure appropriate response measures are taken.
As the affected companies grapple with the aftermath of this significant data breach, authorities like the ICO continue to assess the information provided, aiming to ensure the protection of individuals’ data and hold responsible parties accountable.
The incident serves as a stark reminder of the growing cybersecurity threats faced by both corporations and individuals in an increasingly interconnected world.