BBC staff warned A vulnerability in a software tool used by the company that manages their payroll may have been exploited to put their personal data in the hands of cybercriminals.

There are a lot of moving parts here, so I’ll give a quick recap here.

BBC – British Broadcasting Company. That employee’s data can be misused by cybercriminals.

IBM – Companies that have subcontracted work to Zellis.

Zelis – The company that managed the BBC’s payroll services via IBM, apparently using a program called MOVEit Transfer.

progress – Developer of MOVEit Transfer. critical vulnerability.

Cl0p – A Russian-speaking ransomware extortion group is allegedly involved in the breach.

Sign up for our free newsletter.
Security news, advice and tips.

According to the BBC, Zelis said he had seen no evidence that employee bank account details had been exposed in a data breach.

Even if that’s true, enterprising criminals are turning fraud, identity theft, and even simple attacks against affected businesses that don’t want their employee details exposed on the dark web. There may still be plenty of opportunities for extortion.

Zellis has many other corporate customers. British Airways UK high street pharmacy bootsthousands of employees also appear to be affected.

It’s important to realize that blaming the BBC, Boots, British Airways, IBM, or even Xerith for this data breach is like shooting Messenger instead of actually being responsible. It is important.

Progress, developers of the buggy MOVEit Transfer software, have some apparently difficult questions to answer, and hopefully they’ll release a patch for this problem soon.

But ultimately the true bad guys in this story are the malicious hackers who have exploited their flaws to make a criminal fortune.

Recommended reading for organizations using MOVEit Transfer. Progress Security Informationtake the recommended steps to mitigate the threat.

Unfortunately, if data has already been stolen, it is the responsibility of the company to notify affected individuals and businesses and report the incident to regulators.

Did you enjoy this article? Follow Graham Cluley on Twitter again Mastodon To read more of the exclusive content we post,

Graham Cluley is a cybersecurity industry veteran who has worked for many security companies since the early 1990s when he created the first version of Dr. Solomon’s Antivirus Toolkit for Windows. He is now an independent analyst, making regular media appearances and an international speaker on the subject of cybersecurity, hackers and online privacy.please follow him twitter, MastodonBluesky, or email him.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog