Major British corporations, including British Airways and the BBC, have been the target of a large-scale cyberattack that the local press blamed on Russian hackers, stealing the data of thousands of employees.
• Also read – Computer security: Quebec SMEs lag behind in war
The attack targeted Zellis, a UK company specializing in payroll and HR management, whose eight customers were affected.
“Many companies around the world have been affected by a vulnerability” in the MOVEit software provided by American Progress Software and used by Zellis on a server that has since been shut down, the company assured in a statement sent to AFP on Tuesday Explanation .
So far, however, no evidence has been found that the stolen information was made public or used illegally, and the motive for the data theft is unclear as no group claims responsibility, a source familiar with the file told AFP.
Progress Software said on its website last week that it had “discovered a vulnerability in MOVEit Transfer” that could specifically lead to “unauthorized access” and advised its customers to “take immediate action”, specifically by “removing the files and files”. unauthorized user accounts”.
“We have been informed that we are one of the companies affected by the cybersecurity incident,” British Airways confirmed to AFP.
According to the BBC, the data stolen included personal identification numbers, dates of birth, home addresses and social security numbers.
According to The Daily Telegraph, “up to 100,000 British workers” could be affected.
According to The Daily Telegraph, the compromised data within British Airways included bank details, and Boat pharmacies and airline Aer Lingus were also affected by the attack.
“The cyberattack appeared to be linked to a Russian-speaking cybercrime group called Clop,” the daily continues, citing security researchers, as attacks attributed to groups linked to Russia increased after the crisis began in Ukraine.
For its part, the National Cybersecurity Center (NCSC), the UK agency specifically responsible for assisting victims of cyberattacks, said it was “working to fully understand the impact of the attack in the UK”.