In a recent cybersecurity incident, payroll company Zellis fell victim to a cyberattack, affecting major organisations including British Airways, and the BBC.
The Russian ransomware group Clop is believed to be behind the recent cyber security attack, taking advantage of an ongoing vulnerability in the file transfer software MOVEit Transfer.
Zellis, a leading provider of outsourced payroll services in the UK and Ireland, serves a significant portion of the FTSE 100 businesses and processes over 60 million payslips annually. Confirming the extent of the attack, Zellis acknowledged that at least eight of its customers which includes the BBC and British Airways (BA), have been affected by ransomware attacks.
BA has taken immediate action by notifying thousands of employees about the cybersecurity incident. The company has expressed concerns regarding the disclosure of personally identifiable information of colleagues paid through British Airways' payroll in the UK and Ireland. The exposed information includes names, addresses, national insurance numbers, and banking details.
British Airways has identified Zellis' cybersecurity incident as the result of a breach through one of their third-party suppliers, MOVEit. As Zellis provides payroll support services to numerous companies in the UK, BA is among the impacted organisations.
Similarly, Boots employees have also experienced compromises to their personal data. This includes the exposure of names, employee numbers, dates of birth, email addresses, national insurance numbers, and the first lines of their house addresses. Boots has acknowledged the data breach and is actively collaborating with Zellis to investigate the extent of the breach.
These incidents highlight the growing concern surrounding cyberattacks and the critical need for organisations to prioritise cybersecurity measures to protect sensitive employee information and prevent future breaches. View our cybersecurity services here.
