British Airways and Boots affected by cyber attack on file transfer software

Employees of British Airways and Boots have been affected by a cyber attack targeting file transfer software MOVEit.

Zellis, a payroll company that used MOVEit, confirmed on Monday that it had been affected by the breach, which impacted eight of its clients.

British Airways and Boots confirmed that they were among those impacted. Reports in The Telegraph also suggest that the BBC were caught up in the cyber attack.

The data compromised by the attack include contact details, national insurance numbers, and banking information.

In a comment to Sky News, British Airways said: “This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified those colleagues whose personal information has been compromised to provide support and advice.”

A British Airways employee anonymously contact The Mirror to say that they woke up to an email on Monday morning reporting that their details had been stolen as a result of the cyber attack.

The attack targeted a zero-day vulnerability in the MOVEit file transfer software.

“Our provider assured us that immediate steps were taken to disable the server, and as a priority we have made our team members aware,” said a Boots spokesperson.

In a statement by Zellis, the payroll company said they are actively working to support their clients affected by the MOVEit breach after taking immediate action to disconnect from the server utilising the file transfer software. All Zellis-owned software is reportedly unaffected, and the company will conduct forensic analysis and ongoing monitoring.

According to Zellis, the company provides services to companies like BP, Coca-Cola, GSK, Tesco, and Vodafone.

Progress Software, the company that produces MOVEit, said to The Mirror that an investigation into its MOVEit Transfer and MOVEit Cloud was launched promptly after the vulnerability was discovered. Web access to MOVEit Cloud was promptly disabled and a security patch was developed within 48 hours.

“We are also continuing to work with industry-leading cybersecurity experts to investigate the issue and ensure we take all appropriate response measures,” added the Progress Software spokesperson.

According to a tweet by the Microsoft Threat Intelligence, the attack on MOVEit is reportedly linked to Clop, a Russia-based group.

Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site. The threat actor has used similar vulnerabilities in the past to steal data & extort victims. pic.twitter.com/q73WtGru7j

— Microsoft Threat Intelligence (@MsftSecIntel) June 5, 2023

Hungry for more tech news?

Sign up for your weekly tech briefings!