The BBC is reporting it’s been hit by a cyber attack (6 June, 2o23), along with organisations including British Airways, Boots and Aer Lingus.
Staff have been warned personal data including national insurance numbers and in some cases bank details may have been stolen.
The cyber criminals broke into a prominent piece of software to gain access to multiple companies in one go.
There are no reports of ransom demands being sought or money stolen.
In the UK, the payroll services provider Zellis is one of the companies affected and it said data from eight of its client firms had been stolen.
In an email to employees, the BBC said data stolen included staff ID numbers, dates of birth, home addresses and national insurance numbers.
Staff at British Airways have been warned that some may have had bank details stolen.
The UK’s National Cyber Security Centre said it was monitoring the situation and urged organisations using the compromised software to carry out security updates.
The hack was first disclosed last week when US company Progress Software said hackers had found a way to break into its MOVEit Transfer tool. MOVEit is software designed to move sensitive files securely and is popular around the world with most of its customers in the US.
The US Cybersecurity and Infrastructure Security Agency issued a warning on Thursday to firms that use MOVEit, instructing them to download a security patch to stop further breaches.
But security researcher Kevin Beaumont said internet scans revealed thousands of company databases could still be vulnerable as many affected firms are yet to install the fix.
“Early indications are there are a large number of prominent organisations impacted,” he said.
Although no official attribution has been made, Microsoft said it believed the criminals responsible are linked to the notorious Cl0p ransomware group, thought to be based in Russia.
No ransom demands have been made public yet but it is expected cyber criminals will begin emailing affected organisations to demand payment.
If you have concerns regarding cyber security, please get in touch either online or by phone, 01782 264455.