Hello everybody,
Just read this news and I thought it was something interesting to talk about.
UK-based payroll provider Zellis confirmed on Monday that 8 of its clients were caught up in a cyber incident that has exposed companies' staff personal data including bank, national insurance numbers and contact details to hackers.
Pretty scary if you ask me!!
Zellis didn't name the companies involved but British Airways (34000 members of staff) and Boots (50000 UK staff members) came forward and named themselves among the business involved in the hacking incident.
BA told Sky News: "We have been informed that we are one of the companies impacted by Zellis' cybersecurity incident which occurred via one of their third-party suppliers called MOVEit."
"Zellis provides payroll support services to hundreds of companies in the UK, of which we are one.
"This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified those colleagues whose personal information has been compromised to provide support and advice."
Apparently what was attacked, is a file transfer system MOVEit so-called zero-day vulnerability, basically a backdoor / flaw in the system, that allowed the hackers (which allegedly are a Russian-based group) to access information related to bank accounts and national insurance numbers of members of staff and a limited number of customers of said establishments.
The Telegraph also reported that BBC is one of the companies involved in this crazy incident and they were the first to expose that this hackers' group could be Russian based as their report was mentioning that there has been a spike of cyber attacks linked to Russia since the start of the war in Ukraine, with loads of Western governments, agencies and companies targeted for turning their backs on Russia.
Security researchers said the cyber attack appeared to be linked to a Russian-speaking cybercrime gang called Clop.
Zellis made an official statement: "A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software's MOVEit Transfer product.
"We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them.
"All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate.
"Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring."
Just read this news and I thought it was something interesting to talk about.
UK-based payroll provider Zellis confirmed on Monday that 8 of its clients were caught up in a cyber incident that has exposed companies' staff personal data including bank, national insurance numbers and contact details to hackers.
Pretty scary if you ask me!!
Zellis didn't name the companies involved but British Airways (34000 members of staff) and Boots (50000 UK staff members) came forward and named themselves among the business involved in the hacking incident.
BA told Sky News: "We have been informed that we are one of the companies impacted by Zellis' cybersecurity incident which occurred via one of their third-party suppliers called MOVEit."
"Zellis provides payroll support services to hundreds of companies in the UK, of which we are one.
"This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified those colleagues whose personal information has been compromised to provide support and advice."
Apparently what was attacked, is a file transfer system MOVEit so-called zero-day vulnerability, basically a backdoor / flaw in the system, that allowed the hackers (which allegedly are a Russian-based group) to access information related to bank accounts and national insurance numbers of members of staff and a limited number of customers of said establishments.
The Telegraph also reported that BBC is one of the companies involved in this crazy incident and they were the first to expose that this hackers' group could be Russian based as their report was mentioning that there has been a spike of cyber attacks linked to Russia since the start of the war in Ukraine, with loads of Western governments, agencies and companies targeted for turning their backs on Russia.
Security researchers said the cyber attack appeared to be linked to a Russian-speaking cybercrime gang called Clop.
Zellis made an official statement: "A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software's MOVEit Transfer product.
"We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them.
"All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate.
"Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring."
Share with Messenger
1 Comment