BA, BBC and Boots Data Breach

The BBC, British Airways and Boots have been affected by a cyber security incident that has exposed employee personal data, including bank and contact details, to hackers.

A vulnerability was exploited in popular MOVEit Transfer software last week which has resulted in the data breach. A ransomware group named Clop has claimed responsibility for the hack.

It was not the usual type of ransomware attack, where hackers gain access to a victim’s IT networks and lock their computers; then demand payment to restore their access. Instead, this was an attack that exploited a previously unknown vulnerability in the MOVEit software and allowed the gang to extract data undetected. This is known as a zero-day vulnerability, because of the lack of time between discovery of the weakness and its exploitation by attackers. An exploit taking advantage of a zero-day is called a zero-day exploit, or zero-day attack.

The hackers were able to use their access to MOVEit to get into the databases of potentially hundreds of other companies.

Clop has gradually added the names, websites and company addresses of nearly 50 victims to its darknet website.

The organisations include banks, universities, travel firms and software companies from more than a dozen different countries including the US, Germany, Switzerland, the UK, Canada and Belgium.

Some of the companies listed by Clop on their so-called "leak site" have separately confirmed that they have had data stolen.

Since the initial MOVEit disclosure researchers have found many security issues within the software.

Get in touch to find out how we can help improve the cyber security of your business. Or if you have any questions we are always happy to chat!