Security News > 2023 > June > British Airways, Boots, BBC payroll data stolen in MOVEit supply-chain attack
British Airways, the BBC, and UK pharmacy chain Boots are among the companies whose data has been compromised after miscreants exploited a critical vulnerability in deployments of the MOVEit document-transfer app.
Instead, payroll services provider Zellis on Monday admitted its MOVEit installation had been exploited, and as a result "a small number of our customers" - including the aforementioned British trio - had their information stolen.
We cannot disclose information on our MOVEit Transfer and MOVEit Cloud customers.
British Airways, which has about 35,000 employees, confirmed that it was one of the victims in what is now looking like yet another major supply chain attack.
"We have been informed that we are one of the companies impacted by Zellis' cybersecurity incident which occurred via one of their third-party suppliers called MOVEit," a British Airways spokesperson told The Register.
Both British Airways and Zellis said they had reported the intrusion to the UK Information Commissioner's Office, and Zellis notified the privacy watchdog's counterpart in Ireland as well as British cyber-police.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/06/05/british_airways_boots_moveit/
Related news
- It's only a matter of time before LLMs jump start supply-chain attacks (source)
- PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- Supply chain attack hits Chrome extensions, could expose millions (source)
- Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' (source)
- North Korea targets crypto developers via NPM supply chain attack (source)