A group of Russian hackers known as The Clop has issued a threat, stating that they have stolen payroll data belonging to over 100,000 employees from prominent British, American, and Canadian companies and organizations.
The hackers have demanded that the targeted firms initiate contact to engage in negotiations; otherwise, they will release the stolen data onto the internet.
The Clop group posted a message on the dark web, specifying that entities affected by the hack, including the BBC, British Airways, Aer Lingus, and Walgreens Boots Alliance, must send them an email before June 14th.
Failure to comply would result in the hackers publishing the pilfered data online.
“This is announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of exceptional exploit,” the post said, according to the BBC.
The hacking group successfully obtained personal information, including names, addresses, social security numbers, and bank details, by exploiting vulnerabilities in the widely used business software MOVEit, developed by Progress, a Massachusetts-based company. MOVEit is commonly utilized for file transfer within company systems.
Zellis, the largest payroll services provider in Britain and Ireland, acknowledged that data had been compromised from eight undisclosed organizations it collaborates with. The extent of the information accessed varied among the affected clients.
Zellis promptly responded by disconnecting the server that employs the third-party MOVEit software and engaging an external security incident response team for forensic analysis and continuous monitoring.
“All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate. We employ robust security processes across all of our services and they all continue to run as normal,” the company said.
Walgreens Boots Alliance said a “global data vulnerability, which affected a third-party software used by one of our payroll providers, included some of our team members’ personal details.
“Our provider assured us that immediate steps were taken to disable the server, and as a priority we have made our team members aware,” the company said.
British Airways, which employs 34,000 people in Britain alone, said it had notified staff whose information had been compromised and was providing them with “support and advice.”
“We have notified those colleagues whose personal information has been compromised to provide support and advice,” a spokesman said.