British Airways & Boots Staff Personal Data Exposed In Data Breach
In a recent disclosure by British Airways (BA), it was reported that all its UK-based staff have had their personal data exposed in a cyber attack. The information compromised in this security breach includes bank and contact details. This breach occurred following an exploitation of a previously unknown flaw (zero-day vulnerability), in the file transfer system “MOVEit” from Progress Software, which we reported on last week (See the article here).
Last week, it was discovered that cyber criminals had used the vulnerability in MOVEit to access sensitive data. Confirming the incident on Monday June 5th, Zellis, a UK-based payroll provider, stated that eight of its clients had been affected by this cyber attack, but refrained from identifying the organisations. Subsequently, British Airways has confirmed that it was one of the businesses effected by the data breach, which has left the details of more than 34,000 UK staff details exposed.
Other well-known organisations including the Boots have confirmed that they have been effected by the attack and the BBC has also been implicated as potentially being effected in this cyber attack, with speculations linking the incident to a Russia-based group. British Airways issued a statement to Sky News saying, “We have been informed that we are one of the companies impacted by Zellis’ cyber security incident which occurred via one of their third-party suppliers called MOVEit. Zellis provides payroll support services to hundreds of companies in the UK, of which we are one. This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified those colleagues whose personal information has been compromised to provide support and advice.”.
Zellis have also released their own statement following the breach stating, “A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software’s MOVEit Transfer product. We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them. All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate. Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring.”
Whilst the amount of businesses effected may be a “small number” according to Zellis, the impact on those companies and the individuals effected could still be substantial if the 34,000 BA employees is anything to go by. If your business uses Zellis or MOVEit we would advise reaching out to your account manager for further clarification. If you are concerned about your data privacy and if any of your online accounts may have been leaked on the Dark Web, click the link below to find out more about our Dark Web monitoring service and sign up for a free business domain scan. We can also help your business with a complete Cyber Security audit to ensure that you have the best Cyber Security solutions in place to protect your business from attacks and data breaches.
Latest News Stories
Join One2Call for a Masterclass in Cyber Security!
One2Call and Doncaster Chamber are excited to announce a Cyber Security Masterclass on July 25th, 2023. The event will be held at Flourish Enterprise's Woodfield Park location from 9am to 10:30 am. Did you know that standard signature-based Anti-Virus alone is only...
The Unseen Cyber Threat: The New .mov and .zip Domains
In May, Google introduced eight new top-level domains (TLDs), a move that has sparked an intense debate amongst cyber security experts. Top-level domains, or TLDs, are the suffixes at the end off a URL, such as ".com”, “.co.uk”, “.net”, ".uk" and many others. TLDs...
What is “Cyber Secure By Design”?
Artificial Intelligence (AI) and Large Language Models (LLM’s) have seen a huge leap in both technology and use over the past 12 months, and as such we're also seeing drastic a rise in complex cyber attacks. Recent events, like the leak of LLM software, a data breach...
Our Customers
Testimonials
Yolande Quickfall, Saxton Mee
One2Call are certainly liked by us as they are always keen to help and resolve any problems that we may have and with a quick response.
Rob Watt, Straaltechniek
Quick and easy. Pawel always great to deal with.
Daniel, Motorfinity
Our move and installation of new IT infrastructure and phone systems couldn’t have been any smoother. The advice we had and technical guidance and support meant we felt totally at ease. Would definitely recommend One2call!