British Airways staff’s personal data exposed in cyber attack on payroll provider

Photo of Jamie Cartwright Jamie CartwrightPublished: 21:09, 05 June 2023| Updated: 11:49, 28 December 2023
373 2 minutes read

British Airways (BA) has confirmed that its entire UK-based workforce has been affected by a cyberattack that exposed personal data, including bank and contact details. The incident is linked to a zero-day vulnerability in Progress Software’s MOVEit file transfer system, which was exploited by hackers to access information from various global companies using the platform. Thousands of firms are believed to be impacted by the breach.

UK payroll provider Zellis disclosed that eight of its clients were among those affected, without naming the organisations. BA, which employs 34,000 people in the UK, acknowledged its involvement in the cybersecurity incident. Boots, with a staff of 50,000, also confirmed it had been affected. The Telegraph newspaper reported that the BBC was among the organisations caught up in the hacking, which is being linked to a Russia-based group.

The compromised data includes contact details, national insurance numbers, and bank details. BA told Sky News: “We have been informed that we are one of the companies impacted by Zellis’ cybersecurity incident which occurred via one of their third-party suppliers called MOVEit.”

Zellis provides payroll support services to hundreds of companies in the UK, of which BA is one. “This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified those colleagues whose personal information has been compromised to provide support and advice.”

Related news

A Boots spokesperson said: “A global data vulnerability, which affected a third-party software used by one of our payroll providers, included some of our team members’ personal details. Our provider assured us that immediate steps were taken to disable the server, and as a priority we have made our team members aware.”

Zellis issued a statement: “A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software’s MOVEit Transfer product. We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them.”

The statement continued, “All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate. Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring.”

World News
Photo of Jamie Cartwright

Jamie Cartwright

Jamie is a keen traveler, writer, and (English) teacher. A few years after finishing school in the East Mids, UK, he went traveling around South America and Asia. Several teaching and writing jobs, he found himself at The Thaiger where he mostly covers international news and events.

Related Articles

Hong Kong man’s death-defying leap across train tracks goes viral (video)

Published: 15:43, 23 April 2024

Taiwan rattled by new 6.3 magnitude quake and aftershocks

Published: 14:10, 23 April 2024

Couple returns cash hidden in chair to elderly owner in China

Published: 17:48, 22 April 2024

Debate blooms over Nanjing Station design: Plum blossom or sanitary pad?

Published: 13:49, 22 April 2024