Aer Lingus, along with other global companies, has fallen victim to a cyberattack that resulted in the compromise of employee personal information. Zellis, a human resources and payroll support services provider, informed its clients, including Aer Lingus, British Airways, Boots, and the BBC, about the incident.
However, Aer Lingus confirmed that no financial or bank details or phone contact information of its current or former employees were compromised. The third-party provider has contained the incident, notified the Data Protection Commissioner and the National Cyber Security Centre, and taken steps to inform and support affected employees.
Furthermore, Zellis stated that a small number of its customers were impacted by the attack due to a vulnerability in MOVEit, a file transfer system used by the company.
Additionally, Efforts are underway to assist the affected customers, and the UK data watchdog and the National Cyber Security Centre have been informed. The attack on MOVEit is believed to be the work of Lace Tempest, a group known for ransomware operations and operating the extortion website called Clop, according to Microsoft Threat Intelligence.
At the same time, MOVEit, developed by US firm Progress Software, has addressed the vulnerability exploited by the hackers and is collaborating with cybersecurity experts to investigate the issue and implement appropriate response measures.
The incident highlights the ongoing threat posed by cyberattacks and the importance of robust cybersecurity measures to protect sensitive employee data.
