BBC, BA and Boots among cyber attack victims

Several well-known organizations, including the BBC, British Airways, Boots, and Aer Lingus, have fallen victim to a large-scale hacking incident. Employees have been notified that their personal information, including national insurance numbers and, in some cases, bank details, may have been compromised.

The cybercriminals exploited a prominent software platform to gain unauthorized access to multiple companies simultaneously. As of now, there have been no reports of ransom demands or financial losses resulting from the breach.

One of the affected companies in the UK is Zellis, a payroll services provider. It confirmed that data from eight of its client firms had been stolen but did not disclose the names of those organizations. Independently, affected organizations have been issuing warnings to their staff members.

In an internal email, the BBC informed its employees that stolen data included staff ID numbers, dates of birth, home addresses, and national insurance numbers. British Airways also alerted its staff that some individuals may have had their bank details compromised.

The UK’s National Cyber Security Centre stated that it is closely monitoring the situation and advised organizations using the compromised software to implement security updates promptly.

The hacking incident came to light when Progress Software, a US company, announced last week that hackers had found a way to breach its MOVEit Transfer tool. MOVEit is a widely used software solution designed for secure file transfers, with a significant customer base in the United States.

The US Cybersecurity and Infrastructure Security Agency issued a warning to companies using MOVEit, instructing them to download a security patch to prevent further breaches. However, cybersecurity researcher Kevin Beaumont reported that internet scans revealed thousands of company databases remain vulnerable because many affected firms have not yet installed the necessary fix.

Preliminary findings suggest that numerous prominent organizations have been impacted by the breach, although specific details have not been disclosed. Experts anticipate that the cybercriminals will likely attempt to extort money from organizations rather than individuals. While no public ransom demands have been made, it is expected that affected organizations will receive emails demanding payment. The threat actors may also threaten to publish the stolen data online for other hackers to exploit.

Affected organizations are urging their staff members to remain vigilant against suspicious emails that could potentially lead to further cyber attacks.

Although no official attribution has been made, Microsoft stated its belief that the criminals responsible are associated with the notorious Cl0p ransomware group, which is thought to be based in Russia. In a blog post, the tech giant attributed the attacks to Lace Tempest, a group known for ransomware operations and for running the Cl0p extortion website where victim data is published. Microsoft noted that the hackers have used similar techniques in previous incidents to steal data and extort their victims.

“This latest round of attacks is another reminder of the importance of supply chain security,” emphasized John Shier, a representative from the cybersecurity company Sophos. He added, “While Cl0p has been linked to this active exploitation, it is probable that other threat groups are prepared to use this vulnerability as well.”