06 June 2023

Renowned UK companies such as BBC, British Airways, Boots and Aer Lingus are among the organisations that have been affected by a mass hack. Staff at the companies have been warned about a data breach that impacted Zellis, a payroll provider to some of the largest organisations across the UK and Ireland.

Personal information such as names, dates of birth, and national insurance (NI) numbers were affected by the breach. It appeared last week that a vulnerability in the file transfer system ‘MOVEit’, produced by Progress Software, had been exploited by cyber criminals. Allowing the hackers to access information on a range of global companies using MOVEit transfer. MOVEit is a software designed to move sensitive files securely and is popular around the world with most of its customers in the US.

It has been further reported that, a Russian-linked criminal group named ‘Clop’ has claimed responsibility for the breaches. However, currently there are no reports of ransom demands being sought or money stolen.

Zellis has said:

“We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them. All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate.

Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring. We have also notified the ICO, DPC, and the NCSC in both the UK and Ireland. We employ robust security processes across all of our services and they all continue to run as normal.”

A National Cyber Security Centre (NCSC) spokesperson, said:

“We are working to fully understand UK impact following reports of a critical vulnerability affecting MOVEit Transfer software being exploited.

The NCSC strongly encourages organisations to take immediate action by following vendor best practice advice and applying the recommended security updates.

Information provided in this news article may be subject to change. Please make note of the date of publication to ensure that you are viewing up to date information.