Tens of thousands of British Airways, BBC and Boots staff may have had their personal details stolen following a suspected Russia-linked cyberattack of Payroll provider Zellis.
Zellis has confirmed eight of its clients had been affected and that employees bank details were not at risk but their national insurance may have been stolen.
BA informed staff of the cyber security incident, adding that personal information about colleagues may have been compromised.
“We have been informed that we are one of the companies impacted by Zellis’ cybersecurity incident which occurred via one of their third-party suppliers called MOVEit.
“Zellis provides payroll support services to hundreds of companies in the UK, of which we are one. This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool.
The compromised information is believed to include names, addresses, national insurance numbers, and banking details.
A BBC spokesman also confirmed they were affected by the hack. “The breach has been reported to the Information Commissioners Office and appears to be a significant global technical issue.”
The attack was linked to a Russian-speaking cybercrime gang known as Clop who have claimed responsibility for the hack.