BBC Victim of MOVEit Software Hack at Payroll Service Provider Zellis
British Airways (BA), the BBC, Ofcom and Boots were among a number of organisations that were reportedly victims of a major recent cyber-attack, resulting in the breach of numerous staff details. The stolen data is said to include staff names, staff ID numbers and national insurance numbers (although, importantly, not banking details). The recent attack was against a piece of software called Moveit, which is used to transfer computer files from one location to another. It involved what’s called a “zero-day exploit”, a piece of computer code that takes advantage of a previously unknown vulnerability. This allowed hackers to compromise Zellis, a trusted supplier of services to BA, the BBC, Boots and others. Zellis confirmed a “small number” of customers had been affected, adding that it had disconnected the server using Moveit as soon as it became aware of the incident.
Since Zellis is the main payroll service provider to these organisations, it is easy to trace how this incident started. Responsibility for the attack was claimed by the Russia-linked “cl0p” group, which has since issued an ultimatum to the affected organisations – asking for money unless they want the stolen data to be released on the dark web.
June 7, 2023
No cost values disclosed.