BA, Boots and BBC among companies given ultimatum over Clop ransomware attack | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Major UK-based companies have less than a week to respond to a cybercrime gang threatening to release the personal details of more than 100,000 staff members.

The Clop group, thought to be based in Russia, posted an announcement on the dark web warning that unless negotiations started, stolen data would be released.

The statement was thought to be aimed at British Airways, Boots, the BBC and other UK-based companies.

Hackers have reportedly obtained details such as National Insurance numbers, bank account data, names and addresses.

The ultimatum follows a cyber attack which saw the gang break into MOVEit, a piece of popular business software. It is believed that hackers were then able to access the databases of hundreds of companies.

Clop did not name specific company targets, but several organisations have said their data could be at risk, including the Irish airline, Aer Lingus, the Nova Scotia Government and the University of Rochester.

The hack prompted security alerts at the US Department of Homeland Security, the UK National Cyber Security Centre, Microsoft and Mandiant, a subsidiary of Alphabet’s Google Cloud.


According to the BBC, Clop set a deadline of June 14, and posted on the dark web: “This is [an] announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of [an] exceptional exploit.”

The pharmacy chain, Boots, confirmed it has made its staff aware of the data vulnerability and added that the attack could be a worldwide issue.

“A global data vulnerability, which affected a third-party software used by one of our payroll providers, included some of our team members’ personal details,” a representative said.

“Our provider assured us that immediate steps were taken to disable the server, and as a priority, we have made our team members aware.”

British Airways, which employs around 34,000 people in the UK, also said it had been one of the cyber attack victims.

“We have notified those colleagues whose personal information has been compromised to provide support and advice,” a representative said.

BA suffered a cyber attack five years ago in which the personal and credit details of over 400,000 customers and staff were reportedly hacked.

The Information Commissioner’s Office subsequently fined British Airways £20 million claiming the airline should have identified security weaknesses.

Updated: June 08, 2023, 9:19 AM


Click Here For The Original Source.

National Cyber Security