BT Academy
Thursday, November 21, 2024
BT Academy

@2022 - All Right Reserved. Designed and Developed by PenciDesign

Home Cyber Security BBC staffers warned of payroll data breach. BA and Boots also affected by MOVEit vulnerability • Graham Cluley
Cyber Security

BBC staffers warned of payroll data breach. BA and Boots also affected by MOVEit vulnerability • Graham Cluley

by BlueTrainingAcademy
written by 0 comment 0 views
0 FacebookTwitterPinterestEmail

BBC staff warned A vulnerability in a software tool used by the company that manages their payroll may have been exploited to put their personal data in the hands of cybercriminals.

There are a lot of moving parts here, so I’ll give a quick recap here.

BBC – British Broadcasting Company. That employee’s data can be misused by cybercriminals.

IBM – Companies that have subcontracted work to Zellis.

Zelis – The company that managed the BBC’s payroll services via IBM, apparently using a program called MOVEit Transfer.

progress – Developer of MOVEit Transfer. critical vulnerability.

Cl0p – A Russian-speaking ransomware extortion group is allegedly involved in the breach.

Sign up for our free newsletter.
Security news, advice and tips.

According to the BBC, Zelis said he had seen no evidence that employee bank account details had been exposed in a data breach.

Even if that’s true, enterprising criminals are turning fraud, identity theft, and even simple attacks against affected businesses that don’t want their employee details exposed on the dark web. There may still be plenty of opportunities for extortion.

Zellis has many other corporate customers. British Airways UK high street pharmacy bootsthousands of employees also appear to be affected.

It’s important to realize that blaming the BBC, Boots, British Airways, IBM, or even Xerith for this data breach is like shooting Messenger instead of actually being responsible. It is important.

Progress, developers of the buggy MOVEit Transfer software, have some apparently difficult questions to answer, and hopefully they’ll release a patch for this problem soon.

But ultimately the true bad guys in this story are the malicious hackers who have exploited their flaws to make a criminal fortune.

Recommended reading for organizations using MOVEit Transfer. Progress Security Informationtake the recommended steps to mitigate the threat.

Unfortunately, if data has already been stolen, it is the responsibility of the company to notify affected individuals and businesses and report the incident to regulators.

Did you enjoy this article? Follow Graham Cluley on Twitter again Mastodon To read more of the exclusive content we post,

Graham Cluley is a cybersecurity industry veteran who has worked for many security companies since the early 1990s when he created the first version of Dr. Solomon’s Antivirus Toolkit for Windows. He is now an independent analyst, making regular media appearances and an international speaker on the subject of cybersecurity, hackers and online privacy.please follow him twitter, MastodonBluesky, or email him.

Tags: affectedBBCBootsbreachCluleydataGrahamMOVEitpayrollstaffersVulnerabilitywarned
0 FacebookTwitterPinterestEmail
cropped-BTA_Logo-B-1-scaled-1
YOUR FUTURE STARTS HERE.

BLUE TRAINING ACADEMY

Register now for our membership to gain access to our elite training program and fast forward your career today!

Security Training

Top 10 Qualities Of Effective Security Guards That Make Them Stand Out
How To Stay In Shape While Working As A Newly Hired Security Guard?
Things No One Will Tell You To Become A Successful Private Patrol Guard
5 Things Security Guards Should Keep In Mind When Conducting Site Tours
Proven Ways To Reduce No-Shows Using Guardso Guard Tour Software

Newsletter

Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Related Posts

Casbaneiro Banking Malware Goes Under the Radar with UAC Bypass Technique

How to write a killer pentest report • Graham Cluley

Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks

Local Governments Targeted for Ransomware – How to Prevent Falling Victim

New Variant of AsyncRAT Malware Spreading Through Pirated Software

Apple Threatens to Pull iMessage and FaceTime from U.K. Amid Surveillance Demands

Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports

Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities

Tech support scammers trick victims into old-school offline money transfer

Turla’s New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector

Boris Johnson’s WhatsApps, and sextorting party girls • Graham Cluley

How to Manage Your Attack Surface?

Security Videos

Doctor Checkup for Kids – Types of Doctors...
chill out & romanticize your CURRENT reality #selfawareness...
Hacker, IT-Forensiker oder doch Consultant? 5 IT-Security Berufe...
Data matters! Do Security Training Better
cropped-BTA_Logo-B-1-scaled-1
Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Facebook Twitter Youtube Twitch

Editors' Picks

🎊🎉Discovering the power of self-awareness 🌟 #shorts #thinkbig
🌸 Self Awareness
🔴 November 17's Top Cyber News NOW! –...
🦋 Happiness : Just Be 🦋 Self Awareness

Copyright ©️ All rights reserved. | Blue Training Academy Blog