Nottingham Post
Susie Beever & Laycie Beck

Nottinghamshire-based company Boots amongst those affected by major data hack

A Nottinghamshire-based company is amongst several in the UK that have been hit by a data breach. Based in Beeston, Boots is one of the organisations targeted in a major hack on the payroll platform Zellis, alongside British Airways and the BBC.

Zellis confirmed on Monday, June 5, that it had been hit by a cyber attack and eight of its clients were affected, but it has not named which ones. Zellis provides payroll, HR services and background checks for some of the UK's largest companies, including Tesco, BP, Wilko, Harrods and Credit Suisse.

According to PA Media, the cyber attack has been linked to the Russian cyber hacking group 'Clop' and occurred after the transfer tool MOVEit, which had a "critical software vulnerability", was used by Zellis to move files. Boots has confirmed it was one of the companies affected, and said that the data breached in the attack involved some of its 50,000 staff members' personal details, reports The Daily Mirror.

However, it is believed that bank details have not been taken. A statement issued by the health and beauty retail giant said: "Our provider assured us that immediate steps were taken to disable the server."

A British Airways spokesperson confirmed that they had also been affected and said all staff had been made aware. They said: "We have been informed that we are one of the companies impacted by Zellis' cybersecurity incident which occurred via one of their third-party suppliers called MOVEit.

"Zellis provides payroll support services to hundreds of companies in the UK, of which we are one. This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool.

"We have notified those colleagues whose personal information has been compromised to provide support and advice." The organisation has around 34,000 staff members, and one upset employee told the Mirror: "I woke up to an email to find out all my details needed to steal my identity have been stolen from my company."

Harrods, Wilko, vet's practice group CVS and British Car Auctions all use Zellis but have all confirmed they had not been affected. The firm has also worked with two UK councils and hospitals according to its website, including Bedford Borough Council and St Vincent's University Hospital in Dublin.

A BBC spokesperson said: "We are aware of a data breach at our third party supplier, Zellis, and are working closely with them as they urgently investigate the extent of the breach. We take data security extremely seriously and are following the established reporting procedures."

Zellis and BA have both reported the incident to the Information Commissioner's Office, which said it was "assessing the information provided." A spokesperson for Zellis stated: “A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software’s MOVEit Transfer product.

“We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them. All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate.

“Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring. We have also notified the ICO, DPC, and the NCSC in both the UK and Ireland.”

They continued: “We employ robust security processes across all of our services and they all continue to run as normal.” A spokesperson for Progress Software, which makes MOVEit, told the Mirror it had "promptly launched an investigation" and alerted customers, before disabling web access to the tool and developing a security patch.

“We are also continuing to work with industry-leading cybersecurity experts to investigate the issue and ensure we take all appropriate response measures,” a spokesperson said.
