British Airways is one of dozens of British, American and Canadian companies and organizations hit by a major cyber attack and told by the perpetrators to make contact within 7 days or face having the personal data of their employees dumped online. File photo by Molly Riley/UPI | License Photo
June 7 (UPI) -- Russian hackers who stole the payroll data of more than 100,000 employees of major British, American and Canadian companies and organizations threatened Wednesday to dump the data onto to the internet unless the firms make contact to negotiate.
In a message posted on the so-called dark web, The Clop group said hack victims -- which include the BBC, British Airways, Aer Lingus and Walgreens Boots Alliance -- must email them before June 14 or face having their data published online.
"This is announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of exceptional exploit," the post said, according to the BBC,
The group was able to harvest personal information ranging from names and addresses to social security numbers and bank details by hacking MOVEit, widely used business software made by Massachussets-based Progress that shifts files around company systems.
Britain and Ireland's largest payroll services provider, Zellis, confirmed that data has been stolen from eight unnamed organizations it works with but that what was taken varied across the different clients. It said that it had taken immediate action by disconnecting the server that utilizes the third-party MOVEit software and bringing in an outside security incident response team for forensic analysis and ongoing monitoring.
"All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate. We employ robust security processes across all of our services and they all continue to run as normal," the company said.
Walgreens Boots Alliance said a "global data vulnerability, which affected a third-party software used by one of our payroll providers, included some of our team members' personal details.
"Our provider assured us that immediate steps were taken to disable the server, and as a priority we have made our team members aware," the company said.
British Airways, which employs 34,000 people in Britain alone, said it had notified staff whose information had been compromised and was providing them with "support and advice."
"We have notified those colleagues whose personal information has been compromised to provide support and advice," a spokesman said.
In an email to its 22,000 staff, the BBC said data stolen included staff ID numbers, dates of birth, home addresses and national insurance numbers.
Britain's data protection and privacy watchdog, the Information Commissioner's Office, has been alerted of the incident by both Zellis and British Ariways.
Other organizations targeted included the University of Rochester in upstate New York and the Government of Nova Scotia although Clop claimed in its post that national and local government data or from public services such as police had been deleted.
"Do not worry, we erased your data you do not need to contact us. We have no interest to expose such information."
Last week, the U.S. Cybersecurity and Infrastructure Security Agency issued an alert instructing firms using MOVEit to download a security patch from Progress to prevent further breaches.
In 2021, a joint operation between Ukraine, the United States and South Korea broke up a Clop gang in Ukraine that they said had extorted victims around the world to the tune of $500 million.