Russian Ransomware group breaches MOVEit software; BBC, British Airways affected
The Clop ransomware group, thought to be based in Russia, has threatened on its dark website to publish stolen data.
Britain's cybersecurity agency on Wednesday urged companies to be vigilant after the BBC, British Airways and other firms said their employees' personal details may have been compromised in a software hack. (ALSO READ: HT Interview | Paying up to ransomware attackers bad strategy…: Dmitry Volkov)
The companies were the first major victims after hackers successfully breached a popular file transfer software called MOVEit. The Clop ransomware group, thought to be based in Russia, has threatened on its dark website that stolen data, including personal details such as names and home addresses, could be published.
“We are working to fully understand the U.K. impact following reports of a critical vulnerability affecting MOVEit Transfer software being exploited," Britain's National Cyber Security Center said in a statement.
“The NCSC strongly encourages organizations to take immediate action by following vendor best practice advice and applying the recommended security updates," it added.
ALSO READ: AIIMS services in Delhi hit by malware attack
MOVEit is a program widely used by businesses to securely share files online. Zellis, a leading payroll services provider in the U.K. that works with British Airways, the BBC and hundreds of others, was one of its users. Zellis said Monday a “small number” of its customers have been affected by the breach.
It is thought that hackers broke into the software and used that to gain access to the databases of potentially hundreds of other companies.
“This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool,” British Airways said in a statement. “We have notified those colleagues whose personal information has been compromised to provide support and advice.”
The BBC, which employs about 22,000 people worldwide, said it was working with Zellis as it sought to establish the extent of the breach.
The broadcaster said in an email sent Monday to all U.K. staff and freelancers that data including birthdates, national insurance numbers and home addresses was disclosed. But it said bank account details had apparently not been compromised, and there was “no evidence that the data is being exploited.”
Drugstore chain Boots, which employs more than 50,000 people, also said it had made staff aware of the hack.
BA and Zellis said they had reported the incident to Britain's Information Commissioner's Office.
