Security News > 2023 > June > British Airways, Boots, BBC payroll data stolen in MOVEit supply-chain attack
British Airways, the BBC, and UK pharmacy chain Boots are among the companies whose data has been compromised after miscreants exploited a critical vulnerability in deployments of the MOVEit document-transfer app.
Instead, payroll services provider Zellis on Monday admitted its MOVEit installation had been exploited, and as a result "a small number of our customers" - including the aforementioned British trio - had their information stolen.
We cannot disclose information on our MOVEit Transfer and MOVEit Cloud customers.
British Airways, which has about 35,000 employees, confirmed that it was one of the victims in what is now looking like yet another major supply chain attack.
"We have been informed that we are one of the companies impacted by Zellis' cybersecurity incident which occurred via one of their third-party suppliers called MOVEit," a British Airways spokesperson told The Register.
Both British Airways and Zellis said they had reported the intrusion to the UK Information Commissioner's Office, and Zellis notified the privacy watchdog's counterpart in Ireland as well as British cyber-police.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/06/05/british_airways_boots_moveit/
Related news
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- Lessons from a Ransomware Attack against the British Library (source)
- XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor (source)
- New R Programming Vulnerability Exposes Projects to Supply Chain Attacks (source)