The UK's National Cyber Security Centre (NCSC) shared some important details about an incident at Zellis, a company that’s suffered a serious online attack. The event has shown us that even large and well-protected companies can be targeted by online threats. This blog will look into what happened and share valuable advice to help others avoid similar situations.
What has happened?
Criminals have exploited a vulnerability in Progress Software’s MOVEit file transfer app, which is used by thousands of organisations around the world. Payroll services provider Zellis have suffered a data breach as a result, with customer data being stolen. The NCSC is working with Zellis to understand and respond to this incident. We will continue to update the page as more information becomes available.
Who is affected?
The stolen information relates to employees at eight of Zellis's customers, including the BBC, Boots and British Airways. Other, non-UK based organisations have been affected, including Aer Lingus. Again, the information stolen relates to employees of these organisations.
What can I do?
If you work for an affected Zellis customer, and you are concerned about your personal information, follow our guidance below for individuals affected by a data breach. If you are an organisation directly affected by this vulnerability, see our guidance for organisations.
Advice for individuals affected
Anyone who believes their information has been compromised as a result of this incident (staff of the affected organisations) can find out how to protect themselves from the impact of the breach.
Advice for organisations affected
For organisations directly affected, Progress (the vendor of the MOVEit software) has issued best practice advice on mitigating this vulnerability.
The NCSC offers extensive guidance on preventing and mitigating malware attacks.
Cyber attacks like this that target organisations' supply chains (rather than the organisation directly) are increasingly common. In addition to our well-established Supply chain principles, we have recently provided:
The NCSC's position, along with law enforcement, is that we don’t endorse, promote or encourage the payment of ransoms. Read more in our joint blog with the Information Commissioner's Office (ICO) on why it’s a myth that paying the ransom makes the incident go away.
What if we have been compromised because of this vulnerability?
If you are a UK organisation compromised by this vulnerability, use the government's sign-posting service to report the incident.
To stay up to date against the latest threats, please sign up for our core membership today.