Security News > 2023 > June > British Airways, Boots, BBC payroll data stolen in MOVEit supply-chain attack
![British Airways, Boots, BBC payroll data stolen in MOVEit supply-chain attack](/static/build/img/news/british-airways-boots-bbc-payroll-data-stolen-in-moveit-supply-chain-attack-medium.jpg)
British Airways, the BBC, and UK pharmacy chain Boots are among the companies whose data has been compromised after miscreants exploited a critical vulnerability in deployments of the MOVEit document-transfer app.
Instead, payroll services provider Zellis on Monday admitted its MOVEit installation had been exploited, and as a result "a small number of our customers" - including the aforementioned British trio - had their information stolen.
We cannot disclose information on our MOVEit Transfer and MOVEit Cloud customers.
British Airways, which has about 35,000 employees, confirmed that it was one of the victims in what is now looking like yet another major supply chain attack.
"We have been informed that we are one of the companies impacted by Zellis' cybersecurity incident which occurred via one of their third-party suppliers called MOVEit," a British Airways spokesperson told The Register.
Both British Airways and Zellis said they had reported the intrusion to the UK Information Commissioner's Office, and Zellis notified the privacy watchdog's counterpart in Ireland as well as British cyber-police.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/06/05/british_airways_boots_moveit/
Related news
- Polyfill.io JavaScript supply chain attack impacts over 100K sites (source)
- Plugins on WordPress.org backdoored in supply chain attack (source)
- Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack (source)
- Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks (source)
- 'Almost every Apple device' vulnerable to CocoaPods supply chain attack (source)
- Millions of Apple Applications Were Vulnerable to CocoaPods Supply Chain Attack (source)
- 60 New Malicious Packages Uncovered in NuGet Supply Chain Attack (source)