Britain – British Airways (BA) has announced that it has fallen prey to a significant cybersecurity data breach affecting a payroll management company situated in the United Kingdom.
On June 5, 2023, Zellis, a company entrusted by BA for payroll management services, disclosed that it had fallen victim to a cyberattack exploiting a previously unidentified vulnerability in a third-party file transfer system, MOVEit.
The breach has sparked concerns. The potential compromise of personal data for all BA employees in the UK who receive payments. This includes sensitive information such as bank account details, national security numbers, residential addresses, and dates of birth.
British Airways Data Breach
Last week, US-based company Progress Software made the first public acknowledgment of a hack. In which cybercriminals successfully breached their MOVEit Transfer tool. MOVEit is widely used globally for securely transferring sensitive files, with a significant customer base in the US.
Progress Software took immediate action upon discovering the breach, promptly alerting its customers and swiftly releasing a downloadable security update.
A spokesperson for the company emphasized their collaboration with law enforcement. To combat the escalating threat posed by highly skilled and persistent cybercriminals who seek to exploit vulnerabilities in widely adopted software products.
On Thursday, the US Cybersecurity and Infrastructure Security Agency warned companies utilizing MOVEit sternly, urging them to download and apply a crucial security patch promptly. This urgent measure aims to mitigate the risk of additional breaches.
Data Breaches History
British Airway’s Encounter with Data Theft: Past Data Breach and Regulatory Consequences
British Airways has regrettably encountered significant data theft in its history, most notably in 2018.
During this incident, the British airline unlawfully obtained the personal data of around 400,000 passengers. In response, the Information Commissioner’s Office (ICO), the regulatory authority responsible for safeguarding personal data, initially imposed a substantial fine of £180 million on BA.
However, subsequent to an appeal, the fine was eventually reduced to £20 million.
BA has faced security breaches and a series of IT-related headaches in recent years. The airline has encountered various software glitches that have resulted in substantial financial losses.
On December 20, 2022, problems with check-in and departure control software led to the grounding of numerous flights for several hours. A similar incident in 2017 caused widespread disruption throughout BA’s network.
Warning Issued to Staff: Possible Theft of Personal Data, Including National Insurance and Bank Details.
Alarming news surfaces as it comes to light that the personal data of employees, containing sensitive information such as national insurance numbers and, in some cases, bank details, may have been exposed to risk.
Cybercriminals took advantage of a significant software vulnerability, granting them access to multiple companies concurrently.
Currently, there are no reports suggesting any ransom demands or instances of monetary theft.
British Airways staff have received a warning stating that specific individuals may have stolen their bank details.
The National Cyber Security Centre of the UK has acknowledged the incident and is actively monitoring the situation. They have advised organizations utilizing the affected software to implement security updates promptly.
Stay tuned with us. Further, follow us on social media for the latest updates.