MOVEit Vulnerability Exploited To Attack British Airways, BBC, and Boots

Tyler Cross
Tyler Cross Senior Writer
Tyler Cross Tyler Cross Senior Writer

At least eight companies that use the cloud payroll company, Zellis, have fallen victim to a cybersecurity attack — these companies include British Airways, BBC, Boots, and more.

The attack may have come from the Russian hacker group Cl0p, but there’s no concrete evidence linking them yet. That said, Microsoft found that the methods of exploitation closely matched Cl0p’s previous attacks. Historically, the group waits several weeks before delivering a ransomware letter, so more proof may be acquired soon.

The vulnerability that the hackers manipulated was the file transfer service called MOVEit Transfer, the same service that recently affected the provincial government of Nova Scotia before it was declared to be a global cybersecurity issue.

All three companies have issued their own releases about the issue.

British Airways released a letter to the thousands of employees in the UK who have been victimized during the attack. In the letter, the company warns them about the attack and what data may have been stolen.

“(The) cybersecurity incident which has led to the disclosure of personally identifiable information (PII) about colleagues paid through British Airways’ payroll in the UK and Ireland,” British Airways said.

“We are aware of a data breach at our third-party supplier, Zellis, and are working closely with them as they urgently investigate the extent of the breach. We take data security extremely seriously and are following the established reporting procedures,” says a representative for Boots.

“We have been informed that we are one of the companies impacted by Zellis’ cybersecurity incident which occurred via one of their third-party suppliers called MOVEit. Zellis provides payroll support services to hundreds of companies in the UK, of which we are one,” Zellis stated in its letter.

The information stolen can include names, phone numbers, addresses, confidential information, banking and insurance information, email addresses, and dates of birth.

More details are still coming out about the story as investigations continue.

About the Author
Tyler Cross
Tyler Cross
Senior Writer

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends."