![[UK] BBC, BA and Boots all hit by MOVEit cyberattack](http://globalpayrollassociation.com/cdn/shop/articles/bigstock-London-Uk-May-----Bbc-B-455803091_1200x.jpg?v=1685987772)
The BBC, British Airways, Boots and Aer Lingus now number among a growing list of organisations impacted by a mass hack, BBC News reports.
Staff at the affected companies have been warned that their personal data - including national insurance numbers and, in some cases, bank details - may have been stolen.
The cybercriminals reportedly broke into a prominent piece of software in order to gain access to multiple companies at once.
There are currently no reports of ransom demands being sought or money stolen.
In the UK, the payroll services provider Zellis is one of the affected organisations. It said that data from eight of its customers had been stolen.
It declined to reveal names but organisations are said to be independently issuing warnings to staff.
In an email to employees, the BBC said stolen data included staff ID numbers, dates of birth, home addresses and national insurance numbers.
Staff at British Airways have also been warned that some may have had bank details stolen.
The UK's National Cyber Security Centre reportedly said it was monitoring the situation and urged organisations using MOVEit to carry out security updates.
The hack was first disclosed last week when US company Progress Software said hackers had found a way to break into their MOVEit Transfer tool.
The piece of software is popular around the world but the majority of customers are in the US.
The US Cybersecurity and Infrastructure Security Agency issued a warning on June 4 to firms that use MOVEit, urging them to download a security patch to stop further breaches.
However, security researcher Kevin Beaumont told BBC News that internet scans have revealed thousands of company databases could still be vulnerable as affected firms are yet to install the fix.
"Early indications are there are a large number of prominent organisations impacted," he said.
Experts said it is likely that cybercriminals will choose to attempt to extort organisations instead of individuals.
No ransom demands have been made public yet but it is reportedly expected that cybercriminals will make contact with affected organisations to demand a payment.
They are likely to threaten to publish the stolen data online for other hackers to access.
Victim organisations have reminded staff to remain vigilant about any suspicious emails that could potentially lead to further cyber attacks.
No official attribution has yet been made for the hack, however, Microsoft said it believed the criminals responsible have links to the notorious Clop ransomware group, thought to be based in Russia.
In a blog post, the Microsoft said it was attributing attacks to Lace Tempest, known for ransomware operations and running the Clop extortion website where victim data is published. The tech giant said the hackers responsible have used similar techniques in the past to steal data and extort victims.
"This latest round of attacks is another reminder of the importance of supply chain security," John Shier - from cyber security company Sophos - said.
"While Clop has been linked to this active exploitation it is probable that other threat groups are prepared to use this vulnerability as well.”
Source: BBC News
(Quotes via original reporting)
The BBC, British Airways, Boots and Aer Lingus now number among a growing list of organisations impacted by a mass hack, BBC News reports.
Staff at the affected companies have been warned that their personal data - including national insurance numbers and, in some cases, bank details - may have been stolen.
The cybercriminals reportedly broke into a prominent piece of software in order to gain access to multiple companies at once.
There are currently no reports of ransom demands being sought or money stolen.
In the UK, the payroll services provider Zellis is one of the affected organisations. It said that data from eight of its customers had been stolen.
It declined to reveal names but organisations are said to be independently issuing warnings to staff.
In an email to employees, the BBC said stolen data included staff ID numbers, dates of birth, home addresses and national insurance numbers.
Staff at British Airways have also been warned that some may have had bank details stolen.
The UK's National Cyber Security Centre reportedly said it was monitoring the situation and urged organisations using MOVEit to carry out security updates.
The hack was first disclosed last week when US company Progress Software said hackers had found a way to break into their MOVEit Transfer tool.
The piece of software is popular around the world but the majority of customers are in the US.
The US Cybersecurity and Infrastructure Security Agency issued a warning on June 4 to firms that use MOVEit, urging them to download a security patch to stop further breaches.
However, security researcher Kevin Beaumont told BBC News that internet scans have revealed thousands of company databases could still be vulnerable as affected firms are yet to install the fix.
"Early indications are there are a large number of prominent organisations impacted," he said.
Experts said it is likely that cybercriminals will choose to attempt to extort organisations instead of individuals.
No ransom demands have been made public yet but it is reportedly expected that cybercriminals will make contact with affected organisations to demand a payment.
They are likely to threaten to publish the stolen data online for other hackers to access.
Victim organisations have reminded staff to remain vigilant about any suspicious emails that could potentially lead to further cyber attacks.
No official attribution has yet been made for the hack, however, Microsoft said it believed the criminals responsible have links to the notorious Clop ransomware group, thought to be based in Russia.
In a blog post, the Microsoft said it was attributing attacks to Lace Tempest, known for ransomware operations and running the Clop extortion website where victim data is published. The tech giant said the hackers responsible have used similar techniques in the past to steal data and extort victims.
"This latest round of attacks is another reminder of the importance of supply chain security," John Shier - from cyber security company Sophos - said.
"While Clop has been linked to this active exploitation it is probable that other threat groups are prepared to use this vulnerability as well.”
Source: BBC News
(Quotes via original reporting)