Boots and British Airways among global firms affected by cyber attack
The ‘global issue’ may have exposed personal information, including names, addresses, and banking details.
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.A range of global companies including British Airways and Boots have warned their staff about a cyber attack that has compromised personal information.
The hack has suspected links to a Russian-speaking cybercrime gang called Clop, according to a report in The Telegraph.
The incident relates to a flaw in a piece of software called MOVEit Transfer, used by thousands of companies globally to transfer files, which could be exploited by cyber criminals.
Companies using the software were urged last week to take immediate action.
A global data vulnerability, which affected a third-party software used by one of our payroll providers, included some of our team members’ personal details
The UK’s leading payroll provider Zellis said that eight of its customers have been impacted by the “global issue”, which may have exposed personal information, including names, addresses, and banking details.
Boots confirmed it made its staff aware of the data vulnerability which it said was affecting many companies around the world.
A Boots spokeswoman said: “A global data vulnerability, which affected a third-party software used by one of our payroll providers, included some of our team members’ personal details.
“Our provider assured us that immediate steps were taken to disable the server, and as a priority we have made our team members aware.”
British Airways, which has around 34,000 people employed in the UK, also confirmed it was one of the companies to be caught up in the cyber attack.
“We have notified those colleagues whose personal information has been compromised to provide support and advice,” a spokesman said.
British Airways and Zellis have both reported the incident to the Information Commissioner’s Office (ICO), the firm said.
The BBC is also understood to have been affected by the incident via Zellis, according to The Telegraph.
Zellis said in its own statement: “We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them.
“Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring.
“We employ robust security processes across all of our services and they all continue to run as normal.”
It comes after outsourcing firm and government contractor Capita was recently affected by a cyber attack that saw some customer, supplier and staff data accessed by hackers.
Capita said it faces a bill of up to £20 million to deal with the incident, including for recovery and remediation costs and to invest in reinforcing its cyber security defences.
British Airways suffered a data hack in 2018, when the attacker is believed to have potentially accessed the personal data of approximately 429,612 customers and staff.
It included the names, addresses, payment card numbers and the three digits on the back of cards of 77,000 customers, and card numbers only for 108,000 customers.
The airline was fined £20 million by the ICO after investigators found it should have identified the security weaknesses that enabled the attack.