British Airways & Boots Staff Personal Data Exposed In Data Breach
In a recent disclosure by British Airways (BA), it was reported that all its UK-based staff have had their personal data exposed in a cyber attack. The information compromised in this security breach includes bank and contact details. This breach occurred following an exploitation of a previously unknown flaw (zero-day vulnerability), in the file transfer system “MOVEit” from Progress Software, which we reported on last week (See the article here).
Last week, it was discovered that cyber criminals had used the vulnerability in MOVEit to access sensitive data. Confirming the incident on Monday June 5th, Zellis, a UK-based payroll provider, stated that eight of its clients had been affected by this cyber attack, but refrained from identifying the organisations. Subsequently, British Airways has confirmed that it was one of the businesses effected by the data breach, which has left the details of more than 34,000 UK staff details exposed.
Other well-known organisations including the Boots have confirmed that they have been effected by the attack and the BBC has also been implicated as potentially being effected in this cyber attack, with speculations linking the incident to a Russia-based group. British Airways issued a statement to Sky News saying, “We have been informed that we are one of the companies impacted by Zellis’ cyber security incident which occurred via one of their third-party suppliers called MOVEit. Zellis provides payroll support services to hundreds of companies in the UK, of which we are one. This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified those colleagues whose personal information has been compromised to provide support and advice.”.
Zellis have also released their own statement following the breach stating, “A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software’s MOVEit Transfer product. We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them. All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate. Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring.”
Whilst the amount of businesses effected may be a “small number” according to Zellis, the impact on those companies and the individuals effected could still be substantial if the 34,000 BA employees is anything to go by. If your business uses Zellis or MOVEit we would advise reaching out to your account manager for further clarification. If you are concerned about your data privacy and if any of your online accounts may have been leaked on the Dark Web, click the link below to find out more about our Dark Web monitoring service and sign up for a free business domain scan. We can also help your business with a complete Cyber Security audit to ensure that you have the best Cyber Security solutions in place to protect your business from attacks and data breaches.
Latest News Stories
Celebrating our Local Football Teams
In a remarkable turn of events that has sent waves of jubilation throughout the Sheffield region, both Sheffield Wednesday and Sheffield United football clubs have secured their respective promotions in the 2022-2023 season. This is a tremendous achievement for both...
Rochester Schools Still Suffering 1 Month After Cyber Attack
Rochester Public Schools, based in Minnesota, was hit by a significant ransomware attack on 6th April 2023, disrupting its operations and affecting thousands of students, teachers, and staff members. The attack was first detected at 4:30 a.m. by a member of their IT...
Simple Email Habits Give Cyber Criminals an Edge
In an increasingly digital world, even the seemingly innocent action of sharing holiday plans in an out-of-office email could give cyber criminals an edge. At the recent 2023 SmallBiz Week conference in Melbourne, Australia, representatives from small businesses, as...
Our Customers
Testimonials
The Willows School
Jordan always goes above and beyond no matter how crazy an idea we have or how quickly something needs doing.
Pete Richardson, DALP
Always provide very prompt support. Excellent.
Claire H, MSP PLC
Made a call into day, to arrange an engineer visit and was able to get there before 12noon and solve the issue.