Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Daily Mirror
Daily Mirror
Travel
Milo Boyd

British Airways staff's details stolen in cyber breach hitting firms around the world

British Airways employees are among thousands believed to have had their banking and pay details compromised in a data breach impacting a number of businesses in the UK.

On Monday morning the airline's bosses told staff that their details had been compromised, five years to the month after nearly half a million BA customers were caught up in a historic data breach.

The cyber breach affects payroll company Zellis, which is understood to have used file transfer tool MOVEit.

National insurance numbers, salaries, contact details, sort codes and account numbers of staff working for the UK's flag carrier were breached by hackers.

A disgruntled BA employee told the Mirror: "I woke up to an email to find out all my details needed to steal my identity have been stolen from my company."

Have you been impacted by the hack? Email webtravel@reachplc.com

The scale of the data breach is not yet known (stock photo) (Zellis)

MOVEit had a "critical software vulnerability" that "could give malicious actors unauthorized access to customers' networks", Axios reported over the weekend.

Zellis is understood to have used MOVEit, which in turn led to its clients data being breached. Zellis told the Mirror eight companies had been affected, but did not say which.

"We have been informed that we are one of the companies impacted by Zellis' cybersecurity incident which occurred via one of their third-party suppliers called MOVEit," a BA spokesperson told the Mirror. "Zellis provides payroll support services to hundreds of companies in the UK, of which we are one.

"This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified those colleagues whose personal information has been compromised to provide support and advice."

BA is understood to be working with IAG's Group Security Operations Centre to mitigate any misuse of information and attempt to contain the issue as much as possible.

Both Zellis and BA have both reported the incident to the Information Commissioner's Office, which the Mirror has contacted for comment.

It remains unclear who is behind the attack and no criminal groups have started extorting victims whose data has been stolen on the dark web, according to a BleepingComputer report.

According to Zellis' own website it provides services to 42 of the FTSE 100 - a list of the largest firms in the country which includes BP, Coca-Cola, GSK, Tesco and Vodafone.

Zellis lists companies including White Stuff, the Irish Health Service Executive, Yodel, Bidfood, Cromwell, Leonardo and two UK councils it has worked with at some point.

A spokesperson for the firm said: “A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software’s MOVEit Transfer product.

“We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them. All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate.

“Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring. We have also notified the ICO, DPC, and the NCSC in both the UK and Ireland.

“We employ robust security processes across all of our services and they all continue to run as normal.”

A spokesperson Progress Software, which makes MOVEit, told the Mirror: “Our customers have been, and will always be, our top priority.

"When we discovered this vulnerability in MOVEit Transfer and MOVEit Cloud, we promptly launched an investigation, alerted customers of the issue, provided immediate mitigations steps, disabled web access to MOVEit Cloud, and developed a security patch to address the vulnerability within 48 hours.

"We are also continuing to work with industry-leading cybersecurity experts to investigate the issue and ensure we take all appropriate response measures.”

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.