Cyber Attack on BBC.
The BBC was one of the companies affected by a cyber attack that targeted software called MOVEit used by Zellis, a payroll provider.
The attack was attributed to a Russia-linked criminal gang. Staff have been warned that personal data including national insurance numbers and in some cases bank details may have been stolen.
A BBC spokesperson also confirmed the broadcaster had been affected. The corporation believes the breach does not include staff bank details.
“We are aware of a data breach at our third-party supplier, Zellis, and are working closely with them as they urgently investigate the extent of the breach. We take data security extremely seriously and are following the established reporting procedures,” the spokesperson said.
Zellis said a “small” number of its customers had been hit by a vulnerability in MOVEit, a file transfer system used by the company.
“We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them,” it said, adding that the UK data watchdog and the National Cyber Security Centre had been informed. It is understood the attack has affected eight Zellis customers in the UK and Ireland.
In a tweet, Microsoft’s threat intelligence team attributed the attacks on MOVEit to a group it called Lace Tempest. It said the group was known for ransomware operations and running an “extortion site” carrying data extracted from attacks using a strain of ransomware known as Clop.
Microsoft added: “The threat actor has used similar vulnerabilities in the past to steal data and extort victims.”
BA, BBC and Boots hit by cyber security breach.
The BBC, British Airways and Boots have been caught up in a cyber incident that has exposed employee personal data, including bank and contact details, to hackers.