British Airways, BBC, Boots affected by MOVEit vulnerability

Share post:

British Airways, the BBC, and U.K. pharmacy chain Boots fell victim to a data breach caused by a vulnerability in the MOVEit document-transfer application. Microsoft’s Lace Tempest team has confirmed that the breach was orchestrated by individuals associated with the Russian Clop ransomware gang.

The intrusion took advantage of a flaw in Zellis’ infrastructure. Zellis reported that their MOVEit installation was infiltrated, leading in unlawful access and theft of information from a small number of its clients, including British Airways, the BBC, and Boots. Zellis, on the other hand, promised its clients that the compromise had no impact on its own software.

The security researchers discovered that the cybercriminals exploited a vulnerability in MOVEit, a software used by Zellis, for at least a month before detection. The developer, Progress, has released a patch to fix the vulnerability (CVE-2023-34362).

The exact number of people affected, and the degree of exposed data are unknown, but the firm are said to be assisting the impacted employees. Both British Airways and Zellis disclosed the breach to the UK Information Commissioner’s Office (ICO) in reaction to the breach. Zellis also contacted the Irish privacy watchdog and the British cyber-police.

The sources for this piece include an article in TheRegister.


Related articles

Cyber Security Today, June 14, 2024 – Employee downloaded a file that led to hospital chain’s ransomware attack

An employee downloaded a file that led to hospital chain's ransomware attack Welcome to Cyber Security Today. It's Friday...

Cyber Security Today, June 12, 2024 – More Snowflake storage victims found, Microsoft issues new Windows patches,

More Snowflake storage victims found, Microsoft issues new Windows patches, and more. Welcome to Cyber Security Today. It's Wednesday,...

Former OpenAI employee alleges plan for AGI bidding war

In a recent interview, former OpenAI safety researcher Leopold Aschenbrenner made startling claims about his ex-employer's strategy regarding...

Malicious code in millions of installs traced to Microsoft Visual Studio

A group of Israeli researchers found thousands of potentially harmful extensions on the Visual Studio Code (VSCode) Marketplace,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways