This article was last updated on June 7, 2023
Table of Contents
Several British companies have confirmed a data breach where hackers have stolen personal information of tens of thousands of their employees. The companies affected include the BBC broadcaster, British Airways airline, and the pharmacist Boots.
It is not yet clear to what extent the hack has led to the data loss. As per reports, the stolen data may include the employee’s names, addresses, and salary details. More than 100,000 employees of different UK companies have already been warned that their salary data may have been stolen.
Cause of Hack
The hackers allegedly breached the software called MOVEit and gained unauthorized access to the data of the affected companies. Even though it is not confirmed that how the hackers broke into the system, cybersecurity experts anticipate that the hackers obtained access through a technical defect in the software.
A spokesperson for Boots has confirmed that a vulnerability in the software was exploited to access employee data. The British Airways also reported that their employees were informed of the data breach in which significant personal data was compromised. Payroll company Zellis has also confirmed that a cyber attack has occurred, and eight of their clients have been affected.
The hack occurred last week, and the suspects are not yet identified, but speculations suggest that a Russian hacker group called “Clop,” is behind the attack. According to the BBC, the hacker group posed an ultimatum for the companies, warning them of making their data public before June 14 if they fail to contact them.
Clop also claimed to have self-deleted some of the public sector data reportedly in their possession. However, experts believe that this statement is dubious as they are likely to sell the data or use it to conduct phishing campaigns against the concerned agencies.
Impact of the Hack
With personal data such as salary and other sensitive information in the hands of hackers, the affected employees are at risk of becoming the victim of identity theft or other attacks. As personal information can be used to initiate phishing attacks or impersonate employees, it can cause monetary damage and harm the reputation of the companies.
The companies have warned their employees not to share any confidential information through suspicious emails or SMS. Concerned surveillance mechanisms have also been put in place to detect any scam activities relating to the breached data.
The breach has been severe, and the companies are taking extreme measures to mitigate the threat and secure their employees’ data. Employees must remain vigilant and report any suspicious activity relating to their personal information. Companies, on the other hand, need to improve their cybersecurity measures and system vulnerability and regularly educate their employees against phishing and other scam activities.