The UK’s leading payroll provider has confirmed eight of its customers, including British Airways and Boots, have been impacted by a cyber attack.
The hack, in which staff’s personal information including names, addresses, and banking details may have been compromised, has suspected links to a Russian-speaking cybercrime gang, according to a report in The Telegraph.
The incident relates to a flaw in a piece of software called MOVEit Transfer, used by thousands of companies globally to transfer files, which could be exploited by cyber criminals. Companies using the software were urged last week to take immediate action.
Read more: Bristol cyber security specialist acquired by national technology company
Zellis, which has its head office at Bristol‘s Aztec West business park, said it was actively working to support its clients through the “global issue”.
In a statement, the company said: “We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them.
“Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring.
“We employ robust security processes across all of our services and they all continue to run as normal.”
A range of firms confirmed on Monday (June 5) workers had been warned about a cyber attack.
A spokeswoman for pharmacy chain Boots said: “A global data vulnerability, which affected a third-party software used by one of our payroll providers, included some of our team members’ personal details. Our provider assured us that immediate steps were taken to disable the server, and as a priority we have made our team members aware.”
British Airways, which has around 34,000 people employed in the UK, also confirmed it was one of the companies to be caught up.
A spokesman for the airline said: “We have notified those colleagues whose personal information has been compromised to provide support and advice.”
British Airways and Zellis have said they have both reported the incident to the Information Commissioner’s Office (ICO), the firm said.
The BBC is also understood to have been affected by the incident via Zellis, according to The Telegraph.
It comes after outsourcing firm and government contractor Capita was recently affected by a cyber attack that saw some customer, supplier and staff data accessed by hackers.
Capita said it faces a bill of up to £20m to deal with the incident, including for recovery and remediation costs and to invest in reinforcing its cyber security defences.
Read next:
- Cornwall-based cyber security practice attains IASME Certification Body status
- Cheltenham cyber security firm opens new facility, creating jobs
- Cheltenham cyber co-working space firm bought by national group
- Dorset firm C3IA Solutions takes part in government cyber security scheme
Like this story? Why not sign up to get the latest South West business news straight to your inbox.