Boots, BA and BBC staff hit by Russian hackers
BRITISH Airways, Boots and the BBC have been caught up in a Russian cyber attack, exposing the personal information of tens of thousands of employees.
Bosses at BA wrote to their 34,000strong workforce yesterday warning them of the breach.
Criminals exploited software vulnerabilities at Bristol-based payroll provider Zellis to win access to the details of eight of its clients. Security experts said the attack appeared to be linked to a Russian-speaking cybercrime gang called Clop. Home addresses, bank details and national insurance numbers have all been stolen.
A spokesman for Boots, which has 50,000 staff, said: ‘A global data vulnerability, which affected third-party software used by one of our payroll providers, included some of our team members’ personal details. Our provider assured us that immediate steps were taken to disable the server, and as a priority we have made our team members aware.’
The BBC said: ‘We are aware of a data breach at our third party supplier, Zellis, and are working closely with them as they urgently investigate. We take data security extremely seriously and are following the established reporting procedures.’
It is understood that the data breach did not include the bank account details of BBC staff.
But Rafe Pilling of the US cybersecurity firm Secureworks warned last night: ‘Victims will be contacted and if they refuse they will probably be listed and published on the Clop site.’
Zellis said in its own statement: ‘We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them. There are no associated incidents or compromises to any other part of our IT estate.’
The Information Commissioner’s Office and the pensions ombudsman are assessing the situation. The Data Protection Commission and National Cyber Security Centre have also been informed.
There has been a sharp rise in the number of incidents linked to Russia since it invaded Ukraine last February.
Emma Whitmore of Edgio, a security software group, said the latest attack showed that no organisation was safe from the hackers.
‘Sharp rise in incidents’