MOVEIt hack: Another cyber attack strikes

Another cyber-attack, this time targeting a prominent piece of software, MOVEIt Transfer, that is used to move sensitive data online. The payroll services provider Zellis is one of the companies affected and it said data from eight of its client firms had been stolen.

So far Boots, the BBC and BA have been identified as victims but there could be others. The advice is:

• First check with your IT and HR departments if this technology is deployed. The chances are that the company affected will contact you in any case.
• There is a patch for this newly identified weakness so your IT department should be installing it to prevent any attacks.
• If your company has been a victim identify what if any information may have been captured. Early reports suggest personal details such as dates of birth, addresses, national insurance numbers, staff identity numbers, bank account details etc but not enough to gain access to employees or anyone else’s bank accounts.
• If you are impacted prepare internal communications materials. The general advice is that this information will help phishing expeditions when fraudsters try to dupe people into parting with their money. The information gained from this hack will make these type of approaches look better informed and therefore harder to detect, so be on your guard.
• If anyone feels any online account/platform they use has been compromised and you use the same password for other services make sure you set up new passwords. 
• Finally, the official advice to organisations is not to pay any ransom – cyber attacks are a matter for the criminal authorities.

We should expect further updates from the payroll company concerned and, on the government’s National Cyber Security Centre. 

Chris Tucker is chair of the CIPR Crisis Communications Network where this blog was first published on 6 June. Read the original post.