British Airways and BBC confirms staff targeted in cyber security breach with bank details stolen by criminals
Around 34,000 members of staff at BA are believed to have been affected by the cyber security breach
Both British Airways (BA) and BBC employees have been targeted by cyber criminals as their personal details were stolen as a result of a payroll system breach.
UK-based payroll company Zellis confirmed that eight of its clients were affected by the attack. The cyber criminals exploited a flaw in the MOVEit file transfer system which then exposed personal data of employees, including contact details, national insurance numbers and bank details.
It had been alleged that the criminals are part of a Russian-based group.
In an email seen by NationalWorld, BA told the affected staff: "We have been notified by Zellis, a company that provides payroll support services, that it has experienced a cyber security incident that has led to a disclosure of personal information about GBS colleagues paid through payroll in the UK.
"Our main priority is to protect your personal data. We have been working intensively with Zellis throughout the weekend to understand what has happened, including the extent of the impact on our colleagues’ personal information. We, and Zellis, have informed the Information Commissioner’s Office (ICO) and the UK National Cyber Security Centre of this incident."
BA added that it has taken steps to help support those who have had their details stolen, including providing access to a credit and web monitoring package which will allow employees to track whether their details have been misused.
NationalWorld has also been told that BBC staff have also been one of the employers hit by the security breach. In an email sent to staff, it stated that information such as their employee ID number, their national insurance number and their address is some of the information which has been accessed.
However, the BBC also stated that there is "no evidence that the data is being exploited" at this time, with the corporation's Information Security Team continuing to monitor the situation.
In a statement, Zellis said: "A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software's MOVEit Transfer product. We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them.
"All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate. Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring."