Tens of thousands of employees from major organizations, including British Airways, Boots, and the BBC, have fallen victim to a significant data breach stemming from a breach at their payroll provider, Zellis. The breach, which also affected the Nova Scotia government, is associated with the use of the MOVEit file transfer software. British Airways, Boots, and the BBC confirm the exposure of personal data of their employees, emphasizing the importance of urgently investigating the extent of the breach and collaborating with Zellis and MOVEit to address the issue.
Boots, employing over 50,000 people in Britain, acknowledges that some of its employees’ personal details were compromised in the attack. British Airways, with about 30,000 staff, and the BBC, with over 21,000 employees, are actively working with Zellis to assess the impact of the breach. MOVEit, the file transfer software at the center of the incident, faced security concerns after its maker, Progress Software, disclosed a flaw that could have allowed hackers to intercept exchanged data. MOVEit has since fixed the vulnerability, collaborating with experts to investigate the issue and implement appropriate response measures.
Microsoft attributes the hacks to the group known as “Lace Tempest,” associated with the cl0p ransomware site. The cl0p team confirms responsibility for the breaches and threatens to name victims who refuse to pay on its website. The involvement of a known ransomware group raises concerns about potential extortion attempts on the affected organizations. The incident highlights the broader challenges in securing digital systems and the need for swift responses to mitigate the impact of data breaches, emphasizing the importance of supply chain security in safeguarding sensitive information.
