Security News > 2023 > June > British Airways, Boots, BBC payroll data stolen in MOVEit supply-chain attack

British Airways, the BBC, and UK pharmacy chain Boots are among the companies whose data has been compromised after miscreants exploited a critical vulnerability in deployments of the MOVEit document-transfer app.

Instead, payroll services provider Zellis on Monday admitted its MOVEit installation had been exploited, and as a result "a small number of our customers" - including the aforementioned British trio - had their information stolen.

We cannot disclose information on our MOVEit Transfer and MOVEit Cloud customers.

British Airways, which has about 35,000 employees, confirmed that it was one of the victims in what is now looking like yet another major supply chain attack.

"We have been informed that we are one of the companies impacted by Zellis' cybersecurity incident which occurred via one of their third-party suppliers called MOVEit," a British Airways spokesperson told The Register.

Both British Airways and Zellis said they had reported the intrusion to the UK Information Commissioner's Office, and Zellis notified the privacy watchdog's counterpart in Ireland as well as British cyber-police.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/06/05/british_airways_boots_moveit/