British Airways UK staff hit by cyber security breach - personal data including bank information hacked
British Airways (BA) has revealed that personal information of its 34,000 UK employees has been leaked in a cyber security breach. Hackers have exposed the personal data of all employees including contact information, national insurance numbers and bank details.
Just last week, it was reported that a so-called zero-day vulnerability in the file transfer system MOVEit had been exploited by cyber criminals. The programme, produced by Progress Software, had allowed hackers to access information from a variety of global companies using the software.
On Monday, June 5, UK-based payroll provider Zellis confirmed that eight of its clients had been affected. Although Zellis did not name the organisations that had been attacked by cyber criminals, BA later confirmed that it was among the organisations involved.
The Telegraph has reported that the BBC and healthcare chain Boots were also amongst companies caught up in the cyber attack. It was also reported that the hacking had been linked to a Russian-based group.
British Airways have said: “We have been informed that we are one of the companies impacted by Zellis’ cybersecurity incident which occurred via one of their third-party suppliers called MOVEit. Zellis provides payroll support services to hundreds of companies in the UK, of which we are one.
“This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified those colleagues whose personal information has been compromised to provide support and advice.”
A statement has also been released by Boots, with a spokesperson saying: “A global data vulnerability, which affected a third-party software used by one of our payroll providers, included some of our team members’ personal details. Our provider assured us that immediate steps were taken to disable the server, and as a priority we have made our team members aware.”
A spokesperson from Zellis told Sky News: "A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software’s MOVEit Transfer product. We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them.
"All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate. Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring."