A cybercrime gang has issued an ultimatum to major British companies, warning that stolen data will be published unless they email the gang before June 14.
The BBC, British Airways, and drugstore chain Boots said on Monday that tens of thousands of their employees were among those whose personal data was exposed following a cyber attack.
The affected firms said the breach occurred at Zellis, the UK’s leading payroll provider. The provincial government of Nova Scotia, in Canada, was also hit.
‘Exceptional Exploit’
The BBC said on Wednesday that a group which calls itself the “cl0p team” had issued an ultimatum in a long blog post written in broken English.“This is announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of exceptional exploit,” said the post, quoted by the BBC.
Personal Information ‘Compromised’
Zellis said earlier this week that eight of its customers have been impacted by the “global issue,” which may have exposed personal information, including names, addresses, and banking details.Boots confirmed it made its staff aware of the data vulnerability which it said was affecting many companies around the world.
A Boots spokeswoman said: “A global data vulnerability, which affected a third-party software used by one of our payroll providers, included some of our team members’ personal details.
“Our provider assured us that immediate steps were taken to disable the server, and as a priority, we have made our team members aware.”
British Airways, which has around 34,000 people employed in the UK, also confirmed it was one of the companies to be caught up in the cyber attack.
“We have notified those colleagues whose personal information has been compromised to provide support and advice,” a spokesman said.
‘Increasingly Sophisticated’ Cybercriminals
MOVEit has been at the centre of security industry concerns after its maker, Massachusetts-based Progress Software, disclosed a flaw last week that could have allowed hackers to intercept data being exchanged through the program.In a statement on Monday, the company said it had fixed the vulnerability exploited by the hackers and was working with experts to investigate the issue “and ensure we take all appropriate response measures.”
A spokesperson said the firm is working with police to “combat increasingly sophisticated and persistent cybercriminals intent on maliciously exploiting vulnerabilities in widely used software products.”
On Sunday Microsoft said it believed the group behind the hacks was “Lace Tempest”—the nickname assigned to online extortionists who run the “cl0p” ransomware site.
In an email to the Reuters news agency, the “cl0p team” confirmed it was responsible for the breaches, saying “it was our attack” and that victims who refused to pay would be named on its website.
The UK’s National Cyber Security Centre said on Monday that it is “working to fully understand UK impact following reports of a critical vulnerability affecting MOVEit Transfer software being exploited.”
“The NCSC strongly encourages organisations to take immediate action by following vendor best practice advice and applying the recommended security updates,” it said.
Boots employs over 50,000 people in Britain. British Airways has about 30,000 staff, and the BBC employs more than 21,000 people.
