BBC and British Airways among major victims of MOVEit software hack

LONDON (AP) — Britain’s cybersecurity agency on Wednesday urged businesses to be vigilant after the BBC, British Airways and other companies said their employees’ personal data may have been compromised in a software hack.

Businesses were the first big victims after hackers managed to hack popular file transfer software called MOVEit. Ransomware group Clop, believed to be based in Russia, threatened on its dark website that stolen data, including personal details such as names and home addresses, could be published.

“We are working to fully understand the impact in the UK following reports of a critical vulnerability affecting the MOVEit Transfer software being exploited,” the UK’s National Cyber ​​Security Center said in a statement.

“The NCSC strongly encourages organizations to take immediate action by following vendor best practice advice and applying recommended security updates,” he added.

MOVEit is a program widely used by businesses to securely share files online. Zellis, a leading payroll service provider in the UK that works with British Airways and hundreds of others, was one of its users. Zellis said Monday that a “small number” of his customers were affected by the breach.

The hackers are believed to have broken into the software and used it to gain access to the databases of hundreds of other companies.

“This incident occurred due to a new and previously unknown vulnerability in a widely used MOVEit file transfer tool,” British Airways said in a statement. “We have notified colleagues whose personal information has been compromised to provide support and guidance.”

The Boots pharmacy chain, which employs more than 50,000 people, also said it informed staff of the breach.

BA and Zellis said they reported the incident to the UK Information Commissioner’s Office.

Leave a Comment