More than 100,000 employees at prominent British companies have been cautioned by a cybercrime gang to send them emails by June 14, or else stolen data will be exposed. As reported by the BBC, the Clop group, which targeted BBC employees during the hack, communicated this warning in fractured English on the dark web.
The hack also encompassed the payroll systems of several notable organizations, including British Airways, Boots, Aer Lingus, Nova Scotia Government, and the University of Rochester. The cybercrime gang managed to breach MOVEit, a widely used business software, and exploited this access to infiltrate the databases of potentially numerous other companies.
In its statement on Wednesday, the BBC revealed that Clop had published the following message: "This announcement serves as a warning to companies utilizing the Progress MOVEit product, as there is a high likelihood that we have obtained a significant amount of your data through an extraordinary exploit."
According to the broadcaster, the posted message further encouraged the affected organizations to initiate a negotiation with the gang by sending an email through the crew's darknet portal.
According to a spokesperson from Boots, a worldwide data vulnerability impacted a third-party software utilized by one of their payroll providers, resulting in the exposure of personal information belonging to some of their staff members. The provider promptly took action to disable the server, and Boots made it a priority to inform their employees about the incident.
British Airways, with approximately 34,000 employees in the UK, also verified that they were among the affected companies in the cyber attack.
"We have contacted the affected individuals whose personal information was compromised, offering them support and guidance," stated a spokesperson.
British Airways and Zellis have both informed the Information Commissioner's Office (ICO) about the incident, according to the company.
This development follows a recent cyber attack on Capita, an outsourcing firm and government contractor, where hackers gained access to certain customer, supplier, and staff data.
Capita has estimated that it could incur expenses of up to £20 million to address the incident, covering recovery and remediation costs as well as investments in strengthening its cybersecurity defenses.
Leave a comment