![[UK] DHL, TfL, Ofcom and Ernst & Young impacted by MOVEit hack](http://gpa.net/cdn/shop/articles/bigstock-London-Uk--March--th-----238844350_1200x.jpg?v=1686791538)
On June 5, 2023, British Airways, Boots and BBC announced that Zellis - their UK payroll services provider - was one of the victims of the MOVEit cyberattack and, as a result, the personal data of their staff had been hacked, Lexology reports.
Russian ransomware group Clop subsequently took responsibility for the attack. Then, on June 6, Clop posted a notice on its darknet site stating that they had information on “hundreds of companies” and warning the affected organisations to contact them by June 14 to agree to a ransom payment or the stolen data would be published.
In the week since, other organisations have reportedly come forward to confirm that they have also been impacted by the cyberattack, either via the use of Zellis as their payroll services provider or directly through their use of the MOVEit software.
DHL has confirmed that it used Zellis as its payroll provider in the UK and that employee personal data might have been accessed. This includes employee number, first name, surname, date of birth, National Insurance No., first line of address, email address, employment start date and employment end date.
Transport for London (TfL) has also announced that one of its contractors who used MOVEit has been affected by the cyberattack. It stated that it was writing to all involved to make them aware of the incident but confirmed that the hack did not affect customer information and that banking details were not affected.
Ofcom has confirmed that confidential data about some companies it regulates - in addition to personal information from 412 employees - was downloaded during the cyberattack.
Accountancy firm Ernst & Young (EY) also confirmed that they used MOVEit and that some of its systems may have been accessed. EY is reportedly informing all those affected.
Source: Lexology
(Link via original reporting)
On June 5, 2023, British Airways, Boots and BBC announced that Zellis - their UK payroll services provider - was one of the victims of the MOVEit cyberattack and, as a result, the personal data of their staff had been hacked, Lexology reports.
Russian ransomware group Clop subsequently took responsibility for the attack. Then, on June 6, Clop posted a notice on its darknet site stating that they had information on “hundreds of companies” and warning the affected organisations to contact them by June 14 to agree to a ransom payment or the stolen data would be published.
In the week since, other organisations have reportedly come forward to confirm that they have also been impacted by the cyberattack, either via the use of Zellis as their payroll services provider or directly through their use of the MOVEit software.
DHL has confirmed that it used Zellis as its payroll provider in the UK and that employee personal data might have been accessed. This includes employee number, first name, surname, date of birth, National Insurance No., first line of address, email address, employment start date and employment end date.
Transport for London (TfL) has also announced that one of its contractors who used MOVEit has been affected by the cyberattack. It stated that it was writing to all involved to make them aware of the incident but confirmed that the hack did not affect customer information and that banking details were not affected.
Ofcom has confirmed that confidential data about some companies it regulates - in addition to personal information from 412 employees - was downloaded during the cyberattack.
Accountancy firm Ernst & Young (EY) also confirmed that they used MOVEit and that some of its systems may have been accessed. EY is reportedly informing all those affected.
Source: Lexology
(Link via original reporting)