THE banking and contact details of tens of thousands of employees for major UK companies have been exposed in a cyber-attack.
British Airways (BA) has revealed all its staff who are paid in the UK have been caught up in a cyber incident, and Boots have also confirmed they have been affected.
Thousands of firms are understood to be affected and UK-based payroll provider Zellis confirmed on Monday that eight of its clients were among them.
It did not name the organisations, however both BA and Boots have released statements confirming they were hit.
The airline employs 34,000 people in the UK and Boots has 50,000 staff.
A BBC spokesperson confirmed they were also affected by the hack.
It emerged last week that a flaw in a 2.6 billion dollar file transfer system MOVEit, produced by American company Progress Software, had been exploited by Russian cyber criminals.
In this incident, the compromised information includes contact details, national insurance numbers and bank details.
BA said: "We have been informed that we are one of the companies impacted by Zellis' cybersecurity incident which occurred via one of their third-party suppliers called MOVEit.
"Zellis provides payroll support services to hundreds of companies in the UK, of which we are one.
"This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified those colleagues whose personal information has been compromised to provide support and advice."
A Boots spokesperson said: "A global data vulnerability, which affected a third-party software used by one of our payroll providers, included some of our team members' personal details.
"Our provider assured us that immediate steps were taken to disable the server, and as a priority we have made our team members aware."
The BBC spokesperson said: “We are aware of a data breach at our third party supplier, Zellis, and are working closely with them as they urgently investigate the extent of the breach.
“We take data security extremely seriously and are following the established reporting procedures.”
Zellis provides payroll services to a large number of major companies including the NHS and Jaguar Land Rover. The hack has affected eight of its customers, a source said.
Zellis said in its own statement: "A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software's MOVEit Transfer product.
"We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them.
"All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate.
"Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring."