Employers including the BBC, Boots and British Airways have been issued with an ultimatum by a cyber-crime gang based in Russia after their data was stolen in a cyberattack this week.
The Clop group posted a notice on the dark web warning that it would publish the stolen data – which may include employee payroll details – after they managed to hack into file sharing tool MOVEit.
In the hack, the group were able to access data including national insurance numbers, dates of birth and home addresses. One of the companies affected by the hack was Zellis, which provides payroll services to a number of UK employers.
Data breaches
Dozens of employers affected by Capita data breach
Zellis has confirmed that eight organisations had data stolen as a result. Once it became aware of the cyberattack, it disconnected the server that uses MOVEit and engaged an external security incident response team.
In a blog post in broken English, Clop has given the companies affected until 14 June to email, or the stolen data will be published. This post confirmed this was the group behind the hack, after Microsoft said earlier this week it suspected Clop was to blame.
The group is thought to be based in Russia, and is reported to run a “ransomware as a service” group, hiring out cyberattack tools so attacks can be carried out from anywhere.
It said it would not publish any data from government, city or police services: “Do not worry, we erased your data, you do not need to contact us. We have no interest to expose such information.”
The following companies have all so far indicated that data may have been stolen: BBC, British Airways, Aer Lingus, Boots, the Nova Scotia government in Canada, and the University of Rochester in New York state.
The BBC said yesterday that it was aware of the data breach and was working closely with Zellis to investigate the extent of the breach, while BA said it had notified colleagues whose personal information may have been compromised to “provide support and advice”.
The employers affected are being urged not to pay up if the hacking group demands a ransom.
Steve Herbert from consultancy Partners& argued that HR professionals should get more involved in assessing risk and protecting organisations against such attacks.
He said: “Cyber security experts often point to the ‘human element’ as the inconsistency which – deliberately or accidentally – enables criminals to find an access route into their employer’s computer systems. And, although this latest attack doesn’t appear to be the result of employee actions, it has nevertheless led to the stealing of sensitive employee data as the ultimate objective of criminal activity.
Sign up to our weekly round-up of HR news and guidance
Receive the Personnel Today Direct e-newsletter every Wednesday
“It follows that employees can be the catalyst for such an attack and/or the victims of it, and this makes cyber security very much an HR issue. HR experts may therefore need to become far more involved in implementing policies, procedures, and insurances to minimise these risks across their entire workforce.”
HR business partner opportunities on Personnel Today
Browse more HR business partner jobs
