British Airways cyberattack: What we know so far

The wide-ranging cyberattack is believed to have been carried out by a Russian hacking group known as Clop (Dominic Lipinski/PA) (PA Wire)

Tens of thousands of British Airways, Boots and BBC staff may have had their personal details stolen in a suspected cyberattack.

Payroll provider Zellis, which is used by hundreds of companies in the UK, confirmed on Monday that eight of its clients had been affected.

The attack was reportedly orchestrated by a prolific Russian cyber-crime gang known as Clop. The outfit is known for extorting industrial organisations with ransomware attacks.

British Airways said in a statement that the incident occurred because of a “vulnerability” in a third-party tool, called MOVEit, used by Zellis to transfer files. Boots said the attack had included some of its employees’ personal details.

US researchers first rang alarm bells over the theft of data from MOVEit users last Thursday after the company revealed that it had discovered a security flaw.

What have BA said about the cyberattack?

A spokesman for British Airways said: "We have been informed that we are one of the companies impacted by Zellis’ cybersecurity incident which occurred via one of their third-party suppliers called MOVEit.

"Zellis provides payroll support services to hundreds of companies in the UK, of which we are one. This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool.

"We have notified those colleagues whose personal information has been compromised to provide support and advice."

What type of data may have been compromised?

The compromised data is believed to have included names, addresses and national insurance numbers.

Boots employs over 50,000 people in Britain, while British Airways has about 30,000 staff.

Who are the Russian hacking group Clop?

Russian hacking group Clop has previously claimed to have infiltrated and stolen data from UK organisations such as Thames Water, NHS and an IT firm that handled access to the police national computer (PNC). The cyber-criminals typically leak some of the material they plunder on the dark web if their ransom demands are not met.

Clop has also conducted mass attacks that preyed upon flaws in other file transfer tools, including Fortra and Accellion.