top of page

URGENT: MOVEit transfer breach

The UK's National Cyber Security Centre (NCSC) shared some important details about an incident at Zellis, a company that’s suffered a serious online attack. The event has shown us that even large and well-protected companies can be targeted by online threats. This blog will look into what happened and share valuable advice to help others avoid similar situations.

What has happened?

Criminals have exploited a vulnerability in Progress Software’s MOVEit file transfer app, which is used by thousands of organisations around the world. Payroll services provider Zellis have suffered a data breach as a result, with customer data being stolen. The NCSC is working with Zellis to understand and respond to this incident. We will continue to update the page as more information becomes available.

Who is affected?

The stolen information relates to employees at eight of Zellis's customers, including the BBC, Boots and British Airways. Other, non-UK based organisations have been affected, including Aer Lingus. Again, the information stolen relates to employees of these organisations.

What can I do?

If you work for an affected Zellis customer, and you are concerned about your personal information, follow our guidance below for individuals affected by a data breach. If you are an organisation directly affected by this vulnerability, see our guidance for organisations.

Advice for individuals affected

Anyone who believes their information has been compromised as a result of this incident (staff of the affected organisations) can find out how to protect themselves from the impact of the breach.

Advice for organisations affected

For organisations directly affected, Progress (the vendor of the MOVEit software) has issued best practice advice on mitigating this vulnerability.

Cyber attacks like this that target organisations' supply chains (rather than the organisation directly) are increasingly common. In addition to our well-established Supply chain principles, we have recently provided:

The NCSC's position, along with law enforcement, is that we don’t endorse, promote or encourage the payment of ransoms. Read more in our joint blog with the Information Commissioner's Office (ICO) on why it’s a myth that paying the ransom makes the incident go away.

What if we have been compromised because of this vulnerability?

If you are a UK organisation compromised by this vulnerability, use the government's sign-posting service to report the incident.

To stay up to date against the latest threats, please sign up for our core membership today.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page