British Airways confirmed on Monday that personal data, including bank details, of all its UK employees have been accessed by hackers.
The company said the cyber attack was the result of a flaw in the file transfer system MOVEit which was exposed last week.
The so-called zero-day vulnerability allowed hackers to access information from a range of global companies.
UK-based payroll company Zellis confirmed on Monday eight of its current clients have been affected by the data breach. BA later confirmed they were one of the companies whose employees’ data have been breached.
BA has now written to all UK-based members of its 34,000-strong workforce to warn them of the “cyber security incident which has led to the disclosure of personal information about colleagues paid through British Airways’ payroll in the UK and Ireland.”
According to The Telegraph, the BBC and Boots were also affected by the hacking – which has been linked to a Russia-based group.
Boots contacted employees to inform them that their names, surnames, employee numbers, the first lines of their home address and national insurance numbers have been breached.
They however maintained that only a “very small number” of staff had their data compromised.
The BBC issued a statement via a spokesperson confirming their data was accessed via Zellis. They said: “We are aware of a data breach at our third party supplier, Zellis, and are working closely with them as they urgently investigate the extent of the breach.
“We take data security extremely seriously and are following the established reporting procedures.”
No evidence of voicemail interception in the four claims, says publisher[ROYAL]
Roommate of gangster who ‘chopped up’ Uber Eats driver heard ‘noises'[CRIME]
Monty Don sends out warning to fans as he’s targeted by imposter[LATEST]
Zellis provides services to several large business across the UK, including the NHS and Jaguar Land Rover.
A spokesman for the company said: “We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them.
“All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate.
“Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring.
“We have also notified the ICO, DPC, and the NCSC in both the UK and Ireland.
“We employ robust security processes across all of our services and they all continue to run as normal.”
Progress Software, the maker of MOVEit, identified the flaw in their programme last week. The company advised customers to “take immediate action” and remove any unauthorised account added by the hackers.
We use your sign-up to provide content in ways you’ve consented to and to improve our understanding of you. This may include adverts from us and 3rd parties based on our understanding. You can unsubscribe at any time. More info
Source: Read Full Article