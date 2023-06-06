A massive cyber attack has hit the UK as banking and contact details of the employees of British Airways owned by IAG, BBC, and Boots among thousands of other firms have been compromised. The cyber attack on Zellis, a payroll provider used by hundreds of firms in the UK targeted the confidential information of the Brits from across dozens of businesses and companies. Zellis' server stored the banking details of British citizens. Walgreens Boots Alliance, Boots confirmed in a statement that its customers were hit by the cyberattack and employees' personal details were breached. Zellis server is used by number of companies in the UK including NHS and Jaguar Land Rover.

Zellis said in a statement: "A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software's MOVEit Transfer product.We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them."

All Zellis-owned software, according to the firm, is unaffected and there are no associated incidents or compromises to any other part of its IT estate. "Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring," the company noted.

Loophole in file transfer system MOVEit exploited by Russian cybercriminals

British Airways has an estimated 34,000 staff employed in the UK, while Boots has 50,000 employees. A loophole in the 2.6 billion dollar file transfer system MOVEit, manufactured by an American company Progress Software, was allegedly exploited by the Russian hackers. The latter accessed the contact details, national insurance numbers and bank details of the UK citizens. "We have been informed that we are one of the companies impacted by Zellis' cybersecurity incident which occurred via one of their third-party suppliers called MOVEit," a source at British Airways told The National.

"Zellis provides payroll support services to hundreds of companies in the UK, of which we are one," it added. "This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified those colleagues whose personal information has been compromised to provide support and advice."

Boots spokesperson was quoted saying that a "global data vulnerability, which affected a third-party software used by one of our payroll providers, included some of our team members' personal details." The spokesperson continued that "Our provider assured us that immediate steps were taken to disable the server, and as a priority, we have made our team members aware."

Meanwhile BBC in its response noted, “We are aware of a data breach at our third party supplier, Zellis, and are working closely with them as they urgently investigate the extent of the breach." It continued, “We take data security extremely seriously and are following the established reporting procedures.”