Last week a cyberattack was done by a ransomware group called Clop by stealing data from MOVEit Transfer users. This week, the hacker group posted a threat on the dark web that says they will publish the stolen data, which includes personal information such as national insurance numbers, addresses and even payroll details.
The post has been written in broken English but essentially says that the affected companies have till 14th June to email them to begin negotiations, or the information will be made public. The Russia-based cybercrime gang has reassured that they have deleted all information from government, city or police services and added “Do not worry, we erased your data you do not need to contact us. We have no interest to expose such information.”
Zellis Has Taken Immediate Action
Post the attack, Zellis, a payroll service company that works with many UK employers, released a statement saying that they have taken immediate action. The statement read “Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring. We have also notified the ICO, DPC, and the NCSC in both the UK and Ireland. We employ robust security processes across all of our services, and they all continue to run as normal”.
Among the many Zellis customers, who were affected, were big companies like Aer Lingus, BBC, British Airways and Boots. In addition, information from the University of Rochester in New York as well as the Nova Scotia government in Canada have also been stolen. The US Cybersecurity and Infrastructure Security Agency have warned MOVEit users of potential breaches and advised them to add more security patches.
Cyberattack: Not the First Time for BBC and British Airways
This is not the first time companies like BBC or British Airways have been hacked. While it was not like this incident, in 2015 the BBC and a few other digital services faced a cyberattack that caused the main site as well as other supporting apps like iPlayer and BBC Sport to crash. Many users were greeted with a “creepy clown error message”, which led them to panic.
Similarly, in 2018, a different cybercrime group managed to hack into the British Airways systems with just 22 lines of code. While British Airways mentioned that passport numbers or travel data were not stolen, CVVs and expiration dates, were. However, the data breach only affected customers who completed transactions within a specific date range.
In such cases, including the current data breach, experts such as former National Cyber Security lead Prof Ciaran Martin tells BBC that the best thing to do is to not pay or panic. He further advises individuals to be suspicious of further calls or emails since secondary attacks are when people are tricked for more information.