British Airways and BBC in Russian-linked cyber attack

Multiple companies have been subjected to a cyber-attack today, which could affect thousands of their employees.

On Monday, June, 5, both British Airways (BA) and the BBC confirmed the cyber incident had compromised employee’s personal data of their staff which had impacted their payroll provider Zellis, according to The Record.

Over 21,000 people are employed by the BBC who said they were: ‘aware of a data breach at our third party supplier, Zellis, and are working closely with them as they urgently investigate the extent of the breach.’  They were quick to point out that at this stage they do not believe that workers’ bank details had been exposed to hackers.

BA, which has around 34,000 staff in the UK, confirmed that it too was ‘one of the companies impacted by Zellis’ cybersecurity incident which occurred via one of their third-party suppliers called MOVEit.’

Last week it was revealed that security experts had found more than 2,000 occasions of the MOVEit file transfer tool being exposed to the public internet.

Other high-level clients handled by Zellis include Aer Lingus, Jaguar Land Rover, as well as engineering company Dyson.

The high-street pharmacy chain Boots, with over 57,000 people in the U.K. and Ireland, has also been affected, although to what level is unclear.

Aer Lingus confirmed their links with Zellis and added that ‘some of our current and former employee data’ has been disclosed. However, crucially is is not thought that any financial or bank details were shared.

A shocked staff member for BA reportedly said: ‘I woke up to an email to find out all my details needed to steal my identity have been stolen from my company.’

A BA spokesperson said, ‘Zellis provides payroll support services to hundreds of companies in the UK, of which we are one… We have notified those colleagues whose personal information has been compromised to provide support and advice.’

This issue it seems has not been confirmed to the UK.  A statement from Zellis said that ‘a large number of companies around the world had been impacted and that ‘a small number of our customers have been impacted by this global issue.’

Zellis pointed out that they were quick to address the security breach: ‘Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring.’

In conclusion, they said that the UK and Republic of Ireland data protection authorities as well as both National Cyber Security Centres had been informed.

On Sunday, Microsoft was aware of the attacks on the MOVEit tool and named a group called Lace Tempest responsible. The group has a history of attacks using a type of ransomware known as Clop.

Secureworks’ Rafe Pilling said the group behind Clop was a Russian-speaking cybercrime group.