Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Daily Mirror
Daily Mirror
National
Susie Beever

Thousands of workers affected by major data hack at BBC, BA and Boots linked to Russia

Thousands of UK-based workers have been hit by a massive data breach in a Russia-linked cyber attack.

British Airways, Boots and the BBC are among the organisations affected after payroll platform Zellis - used by hundreds of UK companies - was targeted by a major hack.

Zellis told the Mirror that eight companies had been affected, but did not specify which.

The payroll provider says it works with a third of the FTSE 100, serving five million employees every month.

The hack has suspected links to a Russian-speaking cybercrime gang called Clop, reported The Telegraph, and relates to a flaw in a piece of software called MOVEit Transfer - used by thousands of companies globally to transfer files.

Boots confirmed that the breach involved some of its 50,000 staff members' personal details, although it is understood that bank details were not taken.

British Airways has also confirmed it has been affected (AFP via Getty Images)

The retail giant issued a statement yesterday, saying: "Our provider assured us that immediate steps were taken to disable the server."

British Airways, which has around 30,000 staff, also confirmed they had been affected and said all employees had been made aware.

One disgruntled employee told The Mirror: "I woke up to an email to find out all my details needed to steal my identity have been stolen from my company."

A spokesperson for the airline said: "We have been informed that we are one of the companies impacted by Zellis' cybersecurity incident which occurred via one of their third-party suppliers called MOVEit," a BA spokesperson told the Mirror.

"Zellis provides payroll support services to hundreds of companies in the UK, of which we are one.

"This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool.

BBC has confirmed it is one of the organisations impacted by the breach (Getty Images)

"We have notified those colleagues whose personal information has been compromised to provide support and advice."

Zellis provides payroll, HR services and background checks for some of the UK's biggest companies, including Tesco, BP, Wilko, Harrods and Credit Suisse, all of whom have been contacted by The Mirror.

Harrods, Wilko, vet's practice group CVS and British Car Auctions have all confirmed they had not been affected.

The firm has also worked with two UK councils and hospitals, according to its website, including Bedford Borough Council and St Vincent's University Hospital in Dublin.

A BBC spokesperson said: "We are aware of a data breach at our third party supplier, Zellis, and are working closely with them as they urgently investigate the extent of the breach.

"We take data security extremely seriously and are following the established reporting procedures."

BA employs more than 30,000 staff (NurPhoto via Getty Images)

Both Zellis and BA have both reported the incident to the Information Commissioner's Office, which said it was "assessing the information provided".

A spokesperson for Zellis said: “A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software’s MOVEit Transfer product.

“We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them. All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate.

“Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring.

"We have also notified the ICO, DPC, and the NCSC in both the UK and Ireland.

“We employ robust security processes across all of our services and they all continue to run as normal.”

A spokesperson for Progress Software, which makes MOVEit, told the Mirror it had "promptly launched an investigation" and alerted customers, before disabling web access to the tool and developing a security patch.

"We are also continuing to work with industry-leading cybersecurity experts to investigate the issue and ensure we take all appropriate response measures,” a spokesperson said.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.