BBC, Boots, British Airways Hit By Mass Hack

hacker hacking security data

BBC, Boots, British Airways on growing list of companies affected by hack last week of US data-transfer software used around the world

The BBC, Boots and British Airways are amongst the companies affected by a mass hack detected last week, the companies confirmed on Monday.

The hack, which compromised a tool used by businesses to securely transfer sensitive data, affected payroll provider Zellis, which is used by the three British firms.

In all Zellis said eight of its clients had been affected, declining to name the firms.

The provincial government of Novia Scotia also said it was affected by the hack, while the BBC reported that Aer Lingus had had data stolen.

data breach, security

Personal data

The BBC said in a notice to staff that data stolen included staff ID numbers, dates of birth, home addresses and national insurance numbers.

British Airways told staff some may have had bank details stolen.

Boots, British Airways and the BBC each employ tens of thousands of people.

Last week Massachussetts-based Progress Software said hackers had compromised its MOVEit Transfer tool, enabling the hackers to intercept sensitive data being transferred by the tool.

Most MOVEit Transfer customers are in the US, but the technology is used by companies around the world.

Progress said in a statement on Monday it had fixed the flaw and was working with experts to investigate the hack “and ensure we take all appropriate response measures”.

Russian hackers

Microsoft said on Sunday it believes the hackers behind the incident are “Lace Tempest”, the company’s designation for the group that operates the Clop (also written cl0p) ransomware extortion website.

“The threat actor has used similar vulnerabilities in the past to steal data & extort victims,” Microsoft said on Twitter.

The group is believed to be based in Russia.

The “Clop team” confirmed to Reuters that it was behind the hack, saying “it was our attack” and that it would begin trying to extort money from compromised companies in due course, at which time their names would be posted on the Clop site.