United Kingdom


2020 Phishing Email Cost UK Interserve more than £11M

May 8, 2020

Hackers stole sensitive details on 100,000 people from an outsourcing company named Interserve. The attackers behind the phishing campaign are unknown, and the company offered no additional information. The stolen data is sensitive, including employee names and addresses, bank details, payroll information, HR records, pension information and much more.

Update August 2023: The Information Commissioner fined Interserve £4.4m in autumn 2022. Interserve was once a FTSE 250 firm but has largely been broken up after collapsing into administration four years ago. Its latest accounts reveal that it spent £7m on ‘professional adviser fees’ following the attack.


UK-based KNP Logistics Business Shuts Down: 700 Jobs Lost

June 15, 2023

KNP Logistics Group will be forced to make over 700 employees redundant. According to the administrators, a “major ransomware attack … affected key systems, processes and financial information. This adversely impacted on the financial position of the Group and ultimately, its ability to secure additional investment and funding.” The incident is a rare public example of the existential threat that experts warn ransomware can pose to businesses.

Only the group’s Nelson Distribution business will survive after being sold, saving 170 jobs. KNP was formed out of a 2016 merger between Nelson Distribution and Knights of Old, a haulage business that dated back to 1865. The group was originally compromised in June 2023 by the Akira ransomware collective. However, it’s unclear whether it was able to access a decryptor for the ransomware released by Avast in July.


Zaun, a Fencing Supplier, Suffers Ransomware Attack

August 5, 2023

UK-based fencing products maker Zaun suffered a ransomware attack by the LockBit group, which then started leaking information it had stolen in the hack.
The West Midlands company supplies some of the UK’s key military installations.
LockBit’s data release included sales orders relating to the Porton Down research unit in Wiltshire and the Faslane nuclear submarine base in Scotland. It also mentions details of equipment used at GCHQ’s Bude satellite ground station and network monitoring site.


Independent Businesses Suffer Big Hit as Result of Cyberattack on Swan Retail IT Firm

August 13, 2023

Up to 300 independent retailers have been left unable to process stock after being hit by a cyber attack at fulfilment software supplier Swan Retail. The attack took place on Sunday (13 August).

Independents told Drapers that their businesses have taken a big hit since the attack as they struggled to replenish stock in-store or fulfill online orders. Some have also had to delay bringing in new autumn/winter collections as a result.


MOVEit Transfer data breach at Zellis affect

June 5, 2023

UK payroll and HR solutions provider Zellis suffered a data breach due to MOVEit attacks. “A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software’s MOVEit Transfer product,” Zellis told BleepingComputer in a statement on June 7. “We confirm that a small number of our customers have been impacted and we are actively working to support them. Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate. We have also notified the ICO, DPC, and the NCSC in both the UK and Ireland.”

Additional information, 23AUG23:
On June 6th, 2023, the notorious Russian-affiliated ransomware group, Clop, claimed responsibility for an attack that targeted Progress Software’s MOVEit transfer tool. This corporate file-sharing solution has an extensive customer base in the United States. Organizations use MOVEit for secure file transfers; it’s essentially a more jazzed-up, professional version of popular file-sharing tools like Dropbox. In May 2023, cybercriminals at Clop uncovered a previously unknown vulnerability in MOVEit, which they began exploiting. Up to 130 organizations suffered from downstream impacts when the vulnerability in MOVEit enabled Clop hackers to gain access to their IT environment and steal sensitive data.


Boots Also Victim of MOVEit Software Hack at Zellis

June 7, 2023

British Airways (BA), the BBC, Ofcom and Boots were among a number of organisations that were reportedly victims of a major recent cyber-attack, resulting in the breach of numerous staff details.

The stolen data is said to include staff names, staff ID numbers and national insurance numbers (although, importantly, not banking details). But, other than for those personally affected, the real issue is what this attack reveals about the evolution of cybercrime.


British Airways also Breached by MOVEit Software Hack (Zellis)

June 7, 2023

British Airways (BA), the BBC, Ofcom and Boots were among a number of organisations that were reportedly victims of a major recent cyber-attack, resulting in the breach of numerous staff details. The stolen data is said to include staff names, staff ID numbers and national insurance numbers (although, importantly, not banking details).

The recent attack was against a piece of software called MOVEit, which is used to transfer computer files from one location to another. It involved what’s called a “zero-day exploit”, a piece of computer code that takes advantage of a previously unknown vulnerability.
This allowed hackers to compromise Zellis, a trusted supplier of services to BA, the BBC, Boots and others. Zellis confirmed a “small number” of customers had been affected, adding that it had disconnected the server using MOVEit as soon as it became aware of the incident.

Since Zellis is the main payroll service provider to these organisations, it is easy to trace how this incident started. Responsibility for the attack was claimed by the Russia-linked “cl0p” group, which has since issued an ultimatum to the affected organisations – asking for money unless they want the stolen data to be released on the dark web.


300 KFC, Pizza Hut, Taco Bell Restaurants Shut Down after Ransomware Attack on Parent Company

January 13, 2023

KFC, Pizza Hut, and Taco Bell parent company Yum! Brands confirmed a ransomware attack that leaked company data and shut down restaurants in the United Kingdom.

Yum! quickly mitigated the ransomware attack, and all outlets resumed operations within 24 hours.
“With the ransomware being contained to a third of Yum! Brands UK outlets and the downtime being limited to 1 day – Yum! Brands have done relatively well recovering,” said Morten Gammelgard, EVP, EMEA at BullWall. “The average amount of downtime for organizations when hit by Ransomware is approximately 24 days.”

Breach notification letters were sent to affected people starting Thursday 6 April. Yum! Brands revealed that it has “now found out the attackers stole some individuals’ personal information, including names, driver’s license numbers, and other ID card numbers.”


Shell Investigates Ransomware Attack by the Cl0p Group

June 16, 2023

Oil and gas giant Shell was hit by a ransomware attack conducted by the Clop gang, which exploited a MOVEit zero-day vulnerability. The company is investigating the security breach and said that at this time the attack had no impact on its core IT systems.

The Clop ransomware gang claims to have hacked hundreds of companies. At the time of this writing, the Clop ransomware group has already added 27 companies to the list of victims on its dark web leak site. The group claimed to have compromised the companies by exploiting the zero-day CVE-2023-34362.

In March 2021, Shell disclosed another data breach resulting from the compromise of an Accellion File Transfer Appliance (FTA) used by the company.


Ransomware Attack at Royal Mail Disrupts International Operations for More than a Month

January 10, 2023

The LockBit ransomware operation has claimed responsibility for the cyberattack on the UK’s leading mail delivery service, Royal Mail, which forced the company to halt its international shipping services due to “severe service disruption.”

Royal Mail refused to pay an $80m (£67m) ransom sought by hackers linked to Russia after the “cyber incident”, which resulted in 11,500 Post Office branches across the UK being unable to handle international mail or parcels for almost six weeks after the attack. The company has said it is losing £1m a day.
