News | Politics

Firms warned not to give in to blackmail threats after Russia-linked payroll data hack

Russia-linked ransomware group Clop claimed responsibility for the cyber attack, which hit companies including British Airways, the BBC and Boots
Companies using the software were urged last week to take immediate action (Alamy/PA)
PA
WEST END FINAL

Get our award-winning daily news email featuring exclusive stories, opinion and expert analysis

I would like to be emailed about offers, event and updates from Evening Standard. Read our privacy notice.

Thousands of firms that had payroll data hacked by criminals in a “global heist” were on Tuesday warned not to give in to blackmail threats.

Russia-linked ransomware group Clop claimed responsibility for the cyber attack, which hit companies including British Airways, the BBC and Boots on Monday.

Hackers targeted a flaw in the MOVEit file transfer software, which is widely used in the corporate world including by UK-based payroll provider Zellis.

Professor Ciaran Martin a former head of cyber security at GCHQ who set up the National Cyber Security Centre, said victims could be more susceptible to “sophisticated identity fraud” but companies should not pay the criminals to stop the stolen data being leaked online.

He told BBC Radio 4: “It looks like the BBC, Boots, BA and others are caught up in a very significant global data heist...This group of criminals are going to have massive amounts of personal data, sadly, and they’re going to look through it and see what is most extortable.

“They will then come to organisations and threaten them with publication of this data if they don’t pay. So they’ll look for the most damaging data and the strong advice will be to the organisations not to pay.

“What they might do, then more covertly is they might seek to monetise this data. It’s unlikely, certainly in the case of organisations like the BBC, to be something that you could just take and empty your bank account.

“But it does leave those affected more susceptible to sophisticated identity fraud, so they might try to develop techniques for scamming and so forth.

“So they’ll seek to monetise the data and what’s really important is that we do everything we can not to let them.”

Zellis did not name its clients caught up in the attack.

However, BA, the BBC and Boots confirmed their employees were among the victims.

The airline employs 34,000 people in the UK. Boots has around 52,000 British workers.

The broadcaster said it does not believe its employees’ bank details have been exposed, however their company ID and national insurance numbers were compromised.

Read More

Ukraine paramilitary groups claim to have launched incursion into Russia

Ukraine paramilitary groups claim to have launched incursion into Russia

Plot to 'poison baths of Ukraine army commanders' foiled, Kyiv says

Plot to 'poison baths of Ukraine army commanders' foiled, Kyiv says

Russian military plane crashes while carrying 15 people

Russian military plane crashes while carrying 15 people

Sponsored
Celebrate Art of London’s collaborations with women artists

Celebrate Art of London’s collaborations with women artists

Create a FREE account to continue reading

eros

Registration is a free and easy way to support our journalism.

Join our community where you can: comment on stories; sign up to newsletters; enter competitions and access content on our app.

Your email address

Must be at least 6 characters, include an upper and lower case character and a number

You must be at least 18 years old to create an account

* Required fields

Already have an account? SIGN IN

By clicking Create Account you confirm that your data has been entered correctly and you have read and agree to our Terms of use , Cookie policy and Privacy policy .

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in

MORE ABOUT

Russia
BBC
British Airways
Boots
hackers
companies