News

More organisations affected by Zellis/MoveIT data breach

Earlier this week, we reported that UK payroll provider Zellis had been affected by a huge data hack. And, as more details come to light about this breach, it becomes clear that more organisations were affected than was first thought.

The breach happened when hackers – believed to be part of the ‘Clop’ Russian crime group – exploited a security flaw in the MOVEit file transfer software. MOVEit claims to provide secure and compliant file transfers for sensitive data within and between organisations. The breach affects several global organisations that use this software – including Zellis.

Clop has claimed responsibility for the hack, stating that: “This is announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of exceptional exploit.”

Which organisations are affected?

MOVEit is – which is supplied by Progress Software – is used by companies across the world. So the scale of this data breach could be huge.  

In the UK, Zellis has confirmed that eight of its clients have had data stolen because of the data breach. Fo some, this information includes home addresses, national insurance numbers and bank details. 

The following Zellis clients have all confirmed that they have been affected by the data breach.  

  • The BBC. The BBC has confirmed that it is among those to have been affected.
  • British Airways. 34,000 UK employees could have had their bank, contact details, and national insurance numbers accessed by hackers.
  • Aer Lingus. Aer Lingus is one of the companies caught up in the cyberattack. According to Aer Lingus, no financial or bank details relating to Aer Lingus current or former employees were compromised in this incident.
  • Boots. Boots said it had been affected by the data breach. Boots has 50,000 staff.

In addition, the following organisations may also have data stolen by Russian cybercriminals: 

  • Nova Scotia Government.
  • The University of Rochester.

You can find out more about the MOVEIT/Zellis data breach here. 

Claim compensation for the Zelis data breach

Our cyber experts are investigating the breach to find out what happened, which organisations are involved, and how the breach affects their employees. 

If you live in England & Wales and receive notification that you are affected by this data breach, register below to make a no-win, no-fee compensation claim. 

Crucially, an employer cannot fire you or harm your career in any way if you make a claim. They would be breaking employment law if they did, and any action could be classed as discrimination. 

Deborah Stuttard

Share
Published by
Deborah Stuttard
1 year ago

Recent Posts

Latest Data Breach Round-Up – June 2024

In our regular update, we provide a roundup of some of the data breaches and… Read More

6 months ago

Join our MOVEit/ Zellis Data Breach Action

We have launched a group action against MOVEit/Zellis. Group actions can be a powerful tool… Read More

6 months ago

One year on – the extent of the MOVEit data hack is just becoming clear

The number of organisations affected by the MoveIt Data Breach is still rising, despite the… Read More

6 months ago

Join our 23andMe Data Breach Action

We have launched a group action against 23andMe. Group actions can be a powerful tool… Read More

6 months ago

ICO and Canadian counterpart to investigate 23andMe data breach

The Information Commissioner’s Office (ICO) has launched a joint investigation into the 23andMe data breach… Read More

6 months ago

Join Our Capita Data Breach Action

We have launched a group action against Capita. Group actions can be a powerful tool… Read More

6 months ago