Proactive Investors - Workers at British Airways, BBC and Walgreens Boots Alliance Inc (NASDAQ:WBA) have been warned their personal data might have been stolen after Zellis, the payroll provider, was hacked.
BA, owned by International Consolidated Airlines Group (LON:ICAG), told its 34,000 workers that a cyber security attack has resulted in the “disclosure of personal information of colleagues paid through British Airways’ payroll in the UK and Ireland.”
In an email to staff, BA added that national insurance numbers, banking details, names and addresses may have been compromised.
Other clients of Zellis. including the BBC and Boots. also confirmed "knowledge" of the attack.
Chemists chain Boots told its staff that similar data had been stolen as well as dates of birth and email addresses.
In an email to employees, it was said a “very small number” of workers had additional data stolen.
At the BBC a spokesperson said: “We are aware of a data breach at our third-party supplier, Zellis, and are working closely with them as they urgently investigate the extent of the breach.”
“We take data security extremely seriously and are following the established reporting procedures.”
A source at Zellis, which also serves the NHS and Jaguar Land Rover, said eight of its customers had been affected, according to the Telegraph.
The attack is linked to the Russian cyber gang Clop, experts believe, which gained access through a backdoor in a file transfer software used by Zellis.
The software in question is called MOVEit and is owned by Progress Software (NASDAQ:PRGS).
The technology firm confirmed the vulnerability last week before telling customers to “take immediate action” by deleting any unauthorised user accounts.
The hack comes after earlier this year after outsourcing group Capita fell victim to a cyber attack.
The attack led to members of both M&S and Diageo (LON:DGE)'s pension schemes having personal data stolen.
After months of investigation, it was found around 90 companies had personal data compromised by the hack.