BBC, Boots and British Airways affected by malware gang attack

The supply-chain attack was allegedly carried out by ransomware gang Clop

Add bookmark
Olivia Powell
Olivia Powell
06/06/2023

The BBC, Boots and British Airways affected by malware gang attack

A cyber attack against document transfer app MOVEit has resulted in data breaches of several high-profile UK organizations and businesses. Those affected includes the British Broadcasting Company (BBC), health and beauty retailer Boots and UK-based airline British Airways. 

The attack involved the exploitation of a critical vulnerability in MOVEit’s infrastructure which allows malicious actors to break into company networks and steal data. The vulnerability was flagged by security researchers and the US government on June 1. The US Cybersecurity and Infrastructure Security Agency (CISA) urged all MOVEit clients to check for indications that malicious actors had gained unauthorized access to their networks over the past 30 days and to download and install the software patch released by MOVEit to address the issue. 

On June 5, payroll provider Zellis issued a statement that its third-party provider, MOVEit, had been the victim of a cyber attack, leading to data breaches for some of its customers. Zellis’ customers include a number of high-profile companies such as Dyson, Harrods, Sky, Land Rover and Jaguar. According to Zellis, however, only a “small number of [its] customers [were] impacted by this global issue”. 

Once Zellis became aware of the attack, the company disconnected its server that utilizes MOVEit software and engaged an external cyber security company to conduct a forensic investigation into the cyber attack and to further monitor its systems. The Information Commissioner’s Office (ICO), the Data Protection Commission (DPC) and the National Cyber Security Center (NCSC) in both the UK and Ireland have also been contacted regarding the cyber security incident.

The attack against MOVEit was allegedly carried out by ransomware gang Clop. Clop ransomware was first identified in February 2019. The gang has appeared to be getting more active in the past few months, with more victims’ details posted to the Clop malware leaks site, including a cyber attack carried out against cyber security company Fotra GoAnywhere.


RECOMMENDED