Massive Hacker Attack in the United Kingdom: Employee Data Stolen from Hundreds of Companies, including BBC, British Airways, and Boots
BBC, British Airways, Boots, and Aer Lingus are among a growing number of organizations hit by a mass hacker attack in the United Kingdom. Personnel have been warned about the theft of personal data, including social security numbers, and in some cases, bank account information. Cybercriminals breached critical software to gain access to multiple companies at once. The ransomware group known as Clop has claimed responsibility for the attack related to the MOVEit file transfer software, as reported by Sky News.
In an email to Reuters on Monday, the hackers wrote, “This was our attack,” and warned that victims who refused to pay the ransom would be named and shamed on the group’s website.
Last week, it was revealed that the cybercriminals exploited a so-called zero-day vulnerability in the MOVEit file transfer system produced by Progress Software. This allowed hackers to access information about numerous global companies utilizing MOVEit Transfer. It is believed that thousands of firms could be affected.
On Monday, British payroll services provider Zellis confirmed that eight of its clients were among those affected. British Airways, which employs 34,000 people in the UK, also confirmed the attack. The BBC and Boots, employing a combined total of 50,000 workers, reported being impacted as well. Progress Software stated that it promptly alerted its customers upon detecting the breach and swiftly provided a security update for download.
The UK’s National Cyber Security Centre stated that it is monitoring the situation and has urged organizations using the compromised software to perform security updates.
This large-scale hacker attack has highlighted the ever-growing threat posed by cybercriminals to businesses and their employees’ sensitive information. As organizations strive to strengthen their cybersecurity measures, it is crucial for individuals to remain vigilant and follow recommended security practices to protect their personal data from such malicious activities.