British Airways confirmed on Monday that the bank details and personal data of all its United Kingdom employees have been accessed by hackers. The company stated that the cyber attack was the result of an error in the file transfer system MOVEit which was exposed last week. The so-called zero-day vulnerability permitted hackers to access information from a range of international companies.
British Airways have been hit by a major security breach with bank details and personal data stolen. All British Airways staff who were paid in the United Kingdom have been affected after cyber criminals found a serious flaw in a data transfer system used by the company.
Payroll company Zellis, based in the United Kingdom confirmed on Monday that 8 of its present clients were affected by the data breach. British Airways confirmed later that they were one of the companies whose employees’ data was breached.
British Airways has now written to all the members of the 34,000-strong workforce based in the UK to warn them of the cyber security incident that led to the disclosure of colleagues’ personal information paid through BA’s payroll in the United Kingdom and Ireland.
According to The Telegraph, Boots and the BBC were also affected by the hacking that has been linked to a Russia-based group. Boots informed and informed them that their names, employee numbers, surnames, the first lines of their home addresses and national insurance numbers have been breached. They maintained, however, that only a very small number of staff had their data compromised. The BBC issued a statement via a spokesperson who confirmed that their data was accessed via Zellis and said that they were aware of a data breach at Zellis, their third-party supplier, and were working closely with them while they urgently investigate the extent of the breach. They also stated that they took data security extremely seriously and were following the established reporting procedures. Zellis provides services to several leading businesses across the United Kingdom including Jaguar, Land Rover and the NHS. A spokesperson for the organisation said that they could only confirm that a small number of their customer were impacted by this global issue and that they were actively working to support them. All software owned by Zellis is unaffected and there are no compromises or associated incidents to any other part of their IT estate.
Once the company became aware of this incident they took immediate action, disconnecting the server that uses MOVEit software, and engaging an expert external security incident response team to help with ongoing monitoring and forensic analysis.
