Personnel Today
  • Home
    • All PT content
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Maternity & paternity
    • Shared parental leave
    • Redundancy
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • Brightmine
    • Learn more
    • Products
    • Free trial
    • Request a quote
  • Webinars
  • Advertise
  • OHW+

Personnel Today

Register
Log in
Personnel Today
  • Home
    • All PT content
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Maternity & paternity
    • Shared parental leave
    • Redundancy
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • Brightmine
    • Learn more
    • Products
    • Free trial
    • Request a quote
  • Webinars
  • Advertise
  • OHW+

General Data Protection RegulationData protectionPayroll softwareLatest NewsPayroll

BBC, Boots and BA see employee data hit in cyberattack

by Ashleigh Webber 6 Jun 2023
by Ashleigh Webber 6 Jun 2023 British Airways is among the employers affected by the MOVEit cyber attack. Photo: Shutterstock
British Airways is among the employers affected by the MOVEit cyber attack. Photo: Shutterstock

Employers including the BBC, Boots and British Airways have been affected by a cyberattack that may have seen hackers steal employees’ personal data including national insurance numbers, dates of birth and home addresses.

Last week, hackers from the ransomware group Clop stole data from users of the MOVEit Transfer file-sharing tool.

One of the firms that have been affected is Zellis, which provides payroll services to a number of UK employers. According to reports, eight Zellis customers have seen their data compromised.

Zellis said in a statement: “We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them. All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate.

MOVEit cyberattack

Dozens of employers affected by Capita data breach

Council publishes staff salaries online in error

Payroll giant SD Worx hit by cyberattack

“Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring. We have also notified the ICO, DPC, and the NCSC in both the UK and Ireland. We employ robust security processes across all of our services and they all continue to run as normal.”

The BBC said it did not believe its employees’ bank details had been stolen, although employee ID numbers and national insurance numbers were compromised.

A BBC spokesperson said: “We are aware of a data breach at our third party supplier, Zellis, and are working closely with them as they urgently investigate the extent of the breach. We take data security extremely seriously and are following the established reporting procedures.”

BA said it has reported the incident to the Information Commissioner’s Office. It said in a statement: “We have been informed that we are one of the companies impacted by Zellis’ cybersecurity incident which occurred via one of their third-party suppliers called MOVEit. Zellis provides payroll support services to hundreds of companies in the UK, of which we are one.

“This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified those colleagues whose personal information has been compromised to provide support and advice.”

A Boots spokesperson said: “A global data vulnerability, which affected a third-party software used by one of our payroll providers, included some of our team members’ personal details.

“Our provider assured us that immediate steps were taken to disable the server, and as a priority we have made our team members aware.”

The National Cyber Security Centre said it was working to fully understand the impact of the MOVEit cyberattack on the UK.

“The NCSC strongly encourages organisations to take immediate action by following vendor best practice advice and applying the recommended security updates,” it said.

Christine Sabino, legal director at law firm Hayes Connor, said the group involved in the attack may attempt to extort the employers affected.

She said: “Digital extortion is an act employed by cybercriminals which involves coercing individuals or companies into paying a ransom to regain access to stolen cyber assets.

“Personal information, even in small fragments like names, dates of birth, or national insurance numbers, can lead to identity theft, resulting in financial losses, and reputational damage.

“However, in this case, where there’s a combination of data shared, the risk is maximised for the employees whose data has been exposed.

“It is clear many of the companies involved are taking the incident very seriously, as communication lines with employees affected have already been quite open. That said, for those affected, this will no doubt be a very stressful time, so seeking the support of experts to help mitigate the damage is advised.”

MOVEit’s software maker Progress Software Corporation has made fixes available since it discovered the vulnerability on 28 May.

Sign up to our weekly round-up of HR news and guidance

Receive the Personnel Today Direct e-newsletter every Wednesday

OptOut
This field is for validation purposes and should be left unchanged.

Zellis was formed following Bain Capital’s acquisition of the UK and Ireland division of NGA HR in 2018, which was part of the larger company Northgate Information Solutions.

Latest HR job opportunities on Personnel Today


Browse more human resources jobs

Ashleigh Webber

Ashleigh is a former editor of OHW+ and former HR and wellbeing editor at Personnel Today. Ashleigh's areas of interest include employee health and wellbeing, equality and inclusion and skills development. She has hosted many webinars for Personnel Today, on topics including employee retention, financial wellbeing and menopause support.

previous post
Why embracing big data is HR’s key to the boardroom
next post
UKG buys global payroll provider Immedis

You may also like

‘Polygamous working’ is a minefield for HR

14 May 2025

M&S pauses hiring as it deals with cyber...

2 May 2025

Remote working may have triggered jump in employee...

17 Apr 2025

GMC ‘erases’ records on doctors who change gender

21 Feb 2025

What’s HR’s role in ethical AI adoption?

6 Feb 2025

Top 10 HR questions January 2025: TUPE employee...

4 Feb 2025

LinkedIn accused of using user data to train...

23 Jan 2025

Deliveroo, Just Eat and Uber face calls for...

20 Jan 2025

EU AI Act: What HR needs to know

8 Jan 2025

AI Act comes into force in EU: how...

2 Aug 2024

  • 2025 Employee Communications Report PROMOTED | HR and leadership...Read more
  • The Majority of Employees Have Their Eyes on Their Next Move PROMOTED | A staggering 65%...Read more
  • Prioritising performance management: Strategies for success (webinar) WEBINAR | In today’s fast-paced...Read more
  • Self-Leadership: The Key to Successful Organisations PROMOTED | Eletive is helping businesses...Read more
  • Retaining Female Talent: Four Ways to Reduce Workplace Drop Out PROMOTED | International Women’s Day...Read more

Personnel Today Jobs
 

Search Jobs

PERSONNEL TODAY

About us
Contact us
Browse all HR topics
Email newsletters
Content feeds
Cookies policy
Privacy policy
Terms and conditions

JOBS

Personnel Today Jobs
Post a job
Why advertise with us?

EVENTS & PRODUCTS

The Personnel Today Awards
The RAD Awards
Employee Benefits
Forum for Expatriate Management
OHW+
Whatmedia

ADVERTISING & PR

Advertising opportunities
Features list 2025

  • Facebook
  • Twitter
  • Instagram
  • Linkedin


© 2011 - 2025 DVV Media International Ltd

Personnel Today
  • Home
    • All PT content
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Maternity & paternity
    • Shared parental leave
    • Redundancy
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • Brightmine
    • Learn more
    • Products
    • Free trial
    • Request a quote
  • Webinars
  • Advertise
  • OHW+