Boots, BA and BBC have data stolen in cyber attack
HomeHome > News > Boots, BA and BBC have data stolen in cyber attack

Boots, BA and BBC have data stolen in cyber attack

May 30, 2023

First MOVEit victims are emerging

A few days after the MOVEit data breach hit the headlines, we’re now getting reports of different companies that were affected by the incident. According to a BBC report, the media powerhouse is among those affected, as well as British Airways, Boots, Aer Lingus, and Zellis.

MOVEit Transfer is a managed file transfer (MFT) solution built by Ipswitch, a subsidiary of a company called Progress. Companies usually use software such as this to securely transfer sensitive files, such as financial data, personally identifiable information, and more.

Last Friday, the company confirmed the discovery of a "critical" vulnerability and urged its users to apply a workaround immediately in anticipation of an official patch.

Now, according to the BBC, the data that was stolen in the breach includes national insurance numbers, as well as bank details - depending on the affected software user. For the BBC, besides national insurance numbers, the hackers got away with staff ID numbers, dates of birth, and postal addresses.

British Airways is warning its staff that some may have had their bank details stolen. Zellis, a payroll service provider, said eight of its clients have had data compromised, and while it didn't reveal the nature of these files, it said each client is notifying its staff.

No threat actor has yet claimed responsibility for the attack, or demanded ransom in exchange for the data. However, Microsoft says it believes the threat actor known as Clop was behind the incident. Clop is a Russia-linked threat actor, that recently gained infamy after successfully compromising GoAnywhere MFT.

> MOVEit Transfer has a major security issue - here's what you need to know > Saks Fifth Avenue becomes latest Clop ransomware victim > Check out the best ID theft protection right now

GoAnywhere is another secure managed file transfer solution, used by countless companies to transfer sensitive files, securely, between endpoints. Multiple high-profile organizations were affected by the GoAnywhere breach, including Hitachi Energy, Hatch Bank, Health Systems, Investissement Quebec, Rubrik, AvicXchange, Saks Fifth Avenue, Galderma, and many, many others.

"The recent cyber breach at Zellis, a payroll provider for organizations such as the BBC and British Airways (BA), underscores the critical role comprehensive third-party risk management plays in today's digital era," said Alexander Heid, chief research and development officer with cybersecurity ratings and risk management company SecurityScorecard.

"This exploit leverages SQL injection, enabling attackers to interact with the server database, manipulate reading/writing permissions, and ultimately gain control through arbitrary code execution," he added.

According to Heid, the researchers found thousands of exposed servers out there. "The research also uncovered over 2,500 exposed MOVEit servers across 790 organizations, several hundred of which exhibited the specific vulnerability. They noted that active scanning and attempted exploitation of the vulnerability continued through at least March 29th, 2023, which is when the exfiltration started for Zellis."

Via: BBC

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he's written for numerous media outlets, including Al Jazeera Balkans. He's also held several modules on content writing for Represent Communications.

This malware is evolving to become more dangerous than ever

Cisco Live 2023 live: All the news and announcements

Gigabyte releases fix for motherboard security flaws, so patch now

By Philip BerneJune 06, 2023

By Cesar CadenasJune 05, 2023

By Muskaan SaxenaJune 05, 2023

By Mike MooreJune 05, 2023

By Hamish HectorJune 05, 2023

By Mark WilsonJune 05, 2023

By Muskaan SaxenaJune 05, 2023

By Amelia SchwankeJune 05, 2023

By Matt EvansJune 05, 2023

By Cesar CadenasJune 05, 2023

By Amelia SchwankeJune 05, 2023

MOVEit Transfer has a major security issue - here's what you need to know Saks Fifth Avenue becomes latest Clop ransomware victim Check out the best ID theft protection right now