Hackers steal Boots and BA staff details
Employers such as Boots, British Airways and the BBC have warned staff that cyber thieves have stolen banking details and addresses.
The hack is thought to be linked to a Russian cybercrime gang called Clop.
UK payroll provider Zellis said eight of its customers have been affected by the “global issue”, which may have exposed names, addresses and banking information.
The incident relates to a flaw in software called MOVEit Transfer, used by thousands of firms globally to transfer files.
Companies using the software were urged last week to take immediate action.
A Boots spokeswoman said: “A global data vulnerability, which affected a third-party software used by one of our payroll providers, included some of our team members’ personal details. Our provider assured us that immediate steps were taken to disable the server, and as a priority we have made staff aware.”
British Airways, which employs around 34,000 in the UK, also confirmed it was one of the companies affected.
A spokesman said: “We have notified those colleagues whose personal information has been compromised to provide support and advice.”
BA and Zellis have reported the incident to the Information Commissioner’s Office.
The BBC is also understood to have been affected by the incident via Zellis, according to a newspaper.
A Zellis spokesman said: “We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them.
“Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring.
“We employ robust security processes across all of our services and they continue to run as normal.”
It comes after outsourcing firm and government contractor Capita was recently affected by a cyber attack that saw some customer, supplier and staff data accessed by hackers.
Capita said it faces a bill of up to £20 million, including costs to bolster its cyber security defences.