Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label The Telegraph. Show all posts

Zellis Cyberattack: British Airways, Boots and BBC Employee’s Personal Data Exploited


Zellis Cyberattacks Exploiting MOVEit

British Airways (BA), Boots, and BBC have recently been investigating an alleged cyber incident. The attack, apparently carried out by a Russia-based criminal gang, included the theft of the personal data of the companies' employees.

BA confirmed the attack, noting that the hackers targeted software named MOVEit used by Zellis, a payroll provider.

“We have been informed that we are one of the companies impacted by Zellis’s cybersecurity incident, which occurred via one of their third-party suppliers called MOVEit,” said a British Airways spokesperson.

The affected BA employees were informed about the situation through an email, which read that the compromised data included their names, addresses, national insurance numbers, and banking details, according to The Telegraph which initially reported about the incident. BA further added that the attack has prominently affected the staff who were paid via BA payroll in the UK and Ireland.

Another company affected by the attack, Boots, says that “some of our team members’ personal details” were compromised. The Telegraph reported that the staff members were informed about the attacks, with the stolen data involving their names, surnames, employee numbers, dates of birth, email addresses, the first lines of home addresses, and national insurance numbers.

While a BBC spokesperson has confirmed the attacks, the corporations decline that the breach involves any of its staff’s bank details.

“We are aware of a data breach at our third-party supplier, Zellis, and are working closely with them as they urgently investigate the extent of the breach. We take data security extremely seriously and are following the established reporting procedures,” the spokesperson said.

Microsoft’s Investigation of the Attacks

Microsoft threat intelligence, in a tweet on Sunday, claimed the attacks on MOVEit were carried out by a threat group called Lace Tempest. The group is popular among threat intelligence firms for their ransomware operations and running “extortion sites” carrying data obtained in attacks using a ransomware strain called Clop.

Microsoft says “The threat actor has used similar vulnerabilities in the past to steal data and extort victims.”

According to Rafe Pilling, director of Secureworks, a US-based security firm, the attack was probably carried out by an affiliate of the cybercriminal gang behind the Clop ransomware, as well as the connected website alluded to by Microsoft where stolen data is advertised. He adds that a Russian-speaking cybercrime organization was responsible for Clop.

Pilling forewarns the victims, asserting they might be contacted by the hackers in the near future, demanding ransom in return for the stolen data. “Victims will be contacted and if they refuse they will probably be listed and published on the Clop site,” he said. Furthermore, MOVEit spokesperson recently confirmed that they have “corrected” the vulnerability exploited by the threat actors.

“We are continuing to work with industry-leading cybersecurity experts to investigate the issue and ensure we take all appropriate response measures,” they added.