Major British groups, including British Airways and the BBC, were targeted by a vast cyberattack, attributed by the local press to Russian hackers, and during which the data of thousands of employees were stolen. The attack targeted Zellis, a British payroll and human resources company, with eight customers affected. "A large number of companies around the world have been affected by a vulnerability" in the MOVEit software, provided by the American Progress Software and used by Zellis on a server that has since been disconnected, the company said Tuesday in a statement sent to AFP.
" READ ALSO Cyberattacks: from the hacker "libertarian" to the cybercaïd brewing millions, how justice treats this flood of new offenders
But it has so far found no evidence that stolen information was made public or used illegally, and the motive for the data theft is unclear, as no group has claimed responsibility, a source familiar with the matter told AFP. Progress Software said last week on its website that it had "discovered a vulnerability in MOVEit Transfer" that could lead to "unauthorized access", and recommended that its customers "take immediate action", including "deleting files and accounts of unauthorized users".
«
We have been informed that we are one of the companies affected by the cybersecurity incident," British Airways confirmed to AFP. The BBC says the stolen data included staff identification numbers, dates of birth, home addresses and national insurance numbers. According to The Daily Telegraph, "up to 100,000 British workers" may have been affected. According to The Daily Telegraph, the compromised data within British Airways also includes bank details, and Boots pharmacies and the airline Aer Lingus were also affected by the attack.
See alsoDetection of cyberattacks: Sesame It raises 10 million euros
«
The cyberattack appeared to be linked to a Russian-speaking cybercrime group called Clop," the daily said, citing security researchers, as attacks attributed to Russian-linked groups multiplied after the start of the war in Ukraine. The National Centre for Cyber Security (NCSC), the British public agency responsible for assisting victims of cyberattacks, said it was "working to fully understand the impact in the United Kingdom" of the attack.