Britain (Common Wealth) _ British Airways, Boots, and the BBC are looking into possible employee data theft after suffering cyber-attacks attached to a criminal group having links to Russia.
BA said that it was one of the businesses impacted by the attack, which targeted MOVEit software used by Zellis, a provider of payroll services.
A spokeswoman for the airline said, “We have been informed that we are one of the organizations affected by Zellis’s cybersecurity incident, which occurred via one of their third-party providers called MOVEit.
Employees at BA were informed via email that names, addresses, national insurance numbers, and financial information had been hacked. BA claimed that the hack had an impact on staff pay throughout the UK and Ireland through BA payroll.
“Some of our team members’ personal details” had been impacted, according to Boots. The personnel had been informed that the attack had access to information such as names, surnames, employee numbers, dates of birth, email addresses, the first lines of home addresses, and national insurance numbers, according to The Telegraph.
A representative for the BBC also acknowledged that the broadcaster had been impacted. The company is confident that employee bank information was not compromised.
We are working closely with Zellis as they rapidly examine the extent of the intrusion because we are aware that there has been a data breach at their third-party provider. We are adhering to the existing reporting processes and take data security very seriously, the spokeswoman said.
The company’s file transfer system, MOVEit, which is utilized by Zellis, had a vulnerability that had affected a “small” number of the company’s clients.
“We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them,” the company stated, noting that the National Cyber Security Center and the UK data watchdog had been alerted. Eight Zellis customers in the UK and Ireland are believed to have been impacted by the assault.
The attacks against MOVEit were ascribed to a group it named Lace Tempest by Microsoft’s threat intelligence team in a tweet sent out on Sunday. It said the gang was well-known for its use of ransomware and for operating a “extortion site” with information gleaned through attacks utilizing a particular strain of Clop ransomware is used.
Microsoft continued, “The threat actor has previously exploited comparable vulnerabilities to steal data and extort victims.” Prepare for the day’s work with our daily guides to the business news and information you need.
The attack was probably carried out by an affiliate of the cybercriminal gang behind the Clop ransomware, according to Rafe Pilling, director for threat research at the US cybersecurity company Secureworks, as well as the connected website alluded to by Microsoft where stolen data is offered. According to Pilling, a Russian-speaking cybercrime organization was responsible for Clop.
The victims of the incident should anticipate being called and being offered for payment in exchange for the release of any stolen data, Pilling continued. “Victims will be contacted, and if they refuse, they will probably be listed and published on the Clop site,” he stated.
A representative for MOVEit, which was created by the US Company Progress Software, said that it had “corrected” the flaw that the hackers had taken advantage of.
They stated, “We are continuing to collaborate with premier cybersecurity professionals to analyze the situation and make sure we take all necessary response measures.
