News

Boots and British Airways among global firms affected by cyber attack

The ‘global issue’ may have exposed personal information, including names, addresses, and banking details.
The ‘global issue’ may have exposed personal information, including names, addresses, and banking details.

A range of global companies including British Airways and Boots have warned their staff about a cyber attack that has compromised personal information.

The hack has suspected links to a Russian-speaking cybercrime gang called Clop, according to a report in The Telegraph.

The incident relates to a flaw in a piece of software called MOVEit Transfer, used by thousands of companies globally to transfer files, which could be exploited by cyber criminals.

Companies using the software were urged last week to take immediate action.

The UK’s leading payroll provider Zellis said that eight of its customers have been impacted by the “global issue”, which may have exposed personal information, including names, addresses, and banking details.

Boots confirmed it made its staff aware of the data vulnerability which it said was affecting many companies around the world.

A Boots spokeswoman said: “A global data vulnerability, which affected a third-party software used by one of our payroll providers, included some of our team members’ personal details.

“Our provider assured us that immediate steps were taken to disable the server, and as a priority we have made our team members aware.”

British Airways, which has around 34,000 people employed in the UK, also confirmed it was one of the companies to be caught up in the cyber attack.

“We have notified those colleagues whose personal information has been compromised to provide support and advice,” a spokesman said.

British Airways and Zellis have both reported the incident to the Information Commissioner’s Office (ICO), the firm said.

Summer weather July 19th 2022
British Airways is one of the companies to confirm staff personal information was compromised (Jonathan Brady/PA)

The BBC is also understood to have been affected by the incident via Zellis, according to The Telegraph.

Zellis said in its own statement: “We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them.

“Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring.

“We employ robust security processes across all of our services and they all continue to run as normal.”

It comes after outsourcing firm and government contractor Capita was recently affected by a cyber attack that saw some customer, supplier and staff data accessed by hackers.

Capita said it faces a bill of up to £20 million to deal with the incident, including for recovery and remediation costs and to invest in reinforcing its cyber security defences.

British Airways suffered a data hack in 2018, when the attacker is believed to have potentially accessed the personal data of approximately 429,612 customers and staff.

It included the names, addresses, payment card numbers and the three digits on the back of cards of 77,000 customers, and card numbers only for 108,000 customers.

The airline was fined £20 million by the ICO after investigators found it should have identified the security weaknesses that enabled the attack.