MOVEit Hack – BBC, British Airways Employees Contact and Financial Data Exposed

A major MOVEit Hack has impacted many businesses, notably the BBC, British Airways, Boots, and Aer Lingus.

The organizations acknowledged that tens of thousands of British Airways, Boots, and BBC staff had their personal information compromised due to a large-scale breach that targeted a popular file transfer tool. 

The compromise was discovered at Zellis, the payroll supplier for BA, the BBC, and Boots. The Nova Scotia provincial government in Canada was also struck.

“We have been informed that we are one of the companies impacted by Zellis’s cybersecurity incident, which occurred via one of their third-party suppliers called MOVEit,” said an airline representative.

The data from Zellis and the Nova Scotia government was exposed as a result of their use of the MOVEit file transfer tool, according to separate statements from both organizations.

Zellis declined to indicate how many clients were affected. 

The Breach’s Stolen Information

According to the Daily Telegraph, which initially reported the hack, an email issued to BA workers stated that the exposed information included names, addresses, national insurance numbers, and banking information. BA stated that the hack affected employees paid through BA payroll in the UK and Ireland.

Additionally, employees were told that the data included in the hack included their names, surnames, employee numbers, dates of birth, email addresses, the first lines of their home addresses, and national insurance numbers.

The BBC believes the leak did not involve employee bank information.

“We are aware of a data breach at our third-party supplier, Zellis, and are working closely with them as they urgently investigate the extent of the breach. We take data security extremely seriously and are following the established reporting procedures,” the spokesperson said.

Zellis stated that a “small” number of its customers were affected by a vulnerability in MOVEit, the company’s file transfer technology.

“We can confirm that a small number of our customers have been impacted by this global issue, and we are actively working to support them,” the company stated, adding that the UK data protection agency and the National Cyber Security Centre had been notified. 

It is believed that the incident affected eight Zellis customers in the United Kingdom and Ireland.

Microsoft’s threat intelligence team ascribed the MOVEit assaults to a group known as Lace Tempest.

It said the organization was notorious for ransomware activities and maintaining an “extortion site” with data collected from Clop ransomware attacks.

Microsoft added: “The threat actor has used similar vulnerabilities in the past to steal data and extort victims.”

MOVEIt has been at the center of security industry concerns since its maker, Massachusetts-based Progress Software, discovered a weakness last week that might have allowed hackers to intercept data being transferred through the program.

MOVEit said on Monday that it addressed the vulnerability exploited by the hackers and was working with specialists to analyze the issue “and ensure we take all appropriate response measures.”

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus

Guru baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Beware Of Dating Apps Exposing Your Personal And Location Details To Cyber Criminals

Threat actors often attack dating apps to steal personal data, including sensitive data and location details, which can be used…

1 hour ago

Hackers Abusing Google Cloud For Phishing

Threat actors often attack cloud services for several illicit purposes. Google Cloud is targeted due to its extensive and powerful…

1 hour ago

Two Russian Nationals Charged for Cyber Attacks against U.S. Critical Infrastructure

The United States has designated Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, two members of the Russian hacktivist group Cyber…

4 hours ago

Threat Actors Taking Advantage of CrowdStrike BSOD Bug to Deliver Malware

Threat actors have been found exploiting a recently discovered bug in CrowdStrike's software that causes a Blue Screen of Death…

6 hours ago

NCA Shut’s Down the Most Popular “digitalstress” DDoS-for-hire Service

The National Crime Agency (NCA) has successfully infiltrated and dismantled one of the most notorious Distributed Denial of Service (DDoS)…

7 hours ago

Play Ransomware’s Linux Variant Attacking VMware ESXi Servers

A new Linux variant of Play ransomware targets VMware ESXi environments, which encrypts virtual machine files and appends the ".PLAY"…

8 hours ago