A Russia-linked ransomware gang responsible for a global cyber attack that has led to 5,000 Aer Lingus staff having their data stolen may have acquired enough information for identity theft, a leading cybercrime expert has warned.
US company Progress Software revealed last week hackers had found a way to compromise the MOVEit Transfer software which is used by many large companies to send sensitive files securely. The attack is reportedly orchestrated by a prolific Russian cyber-crime gang known as Clop – known for extorting industrial organisations with ransomware attacks.
Now, payroll provider Zellis has since confirmed eight of their clients have been affected and Aer Lingus is among them.
British Airways, the BBC and Boots staff have also been compromised. The compromised data consists of employee number, title, name, date of birth, address line 1, email address, start date and end date of employment, and in the majority of cases, PPS/Social Security numbers.
“It has been confirmed that no financial or bank details relating to Aer Lingus current or former employees were compromised in this incident,” Aer Lingus said in a statement. “It has also been confirmed that no phone contact details relating to Aer Lingus current or former employees were compromised.
“The third-party provider has confirmed that the incident has been contained and that they have officially notified the Data Protection Commissioner (DPC) and the National Cyber Security Centre, as has Aer Lingus. All current employees have been impacted and a significant number of former employees have been impacted.
It said it has told employees of the issue and “provided them with advice, as well as establishing a dedicated phone line, email address and additional support from our cyber security and data privacy teams”.
Now, Urban Schrott, IT Security and Cybercrime Analyst at ESET Ireland, has said “Theoretically there could be enough information for the cyber criminals to use for identity theft.
“But, it’s a question whether the information they have is detailed enough for the level of security that banks and other companies have implemented though,” Mr Schrott told the Mirror. “Years ago the security was a lot more lax so they could get away with a few emails and impersonating someone.
“Now institutions have a lot more security in place so it’s more difficult for the cyber criminals to get in. But theoretically if it’s a smaller bank or some other loaning institutions that don’t have top tier security levels they could be conned and people’s identity be taken over.
“The organised crime gang CLOP is always looking for ways to make money, that’s their business model.
“So they could try to scam the victims themselves by trying to take over their emails, their social media, possibly knowing some details about them and trying to guess their passwords, the majority of passwords are still the word password.
“It’s not that hard to get into people’s Gmail accounts and once they get into them they can change their passwords and all their other services if they have email address
“They could do scams like pretending to be person A sending an email to a friend of that person that person A is stuck abroad and needs some money to be sent to them and person B thinks they are helping a friend and they send some money and later discover it was a scam.
“These organised crime gangs are always trying to come up with scams whichever way they go, try to impersonate the person and target someone else or try to target the victim themselves with various scams,” he said.
CLOP has previously claimed to have infiltrated and stolen data from a number of large organisations and the cyber-criminals typically leak some of the material they plunder on the dark web if their ransom demands are not met
Join our new WhatsApp community! Click this link to receive your daily dose of Dublin Live content. We also treat our community members to special offers, promotions, and adverts from us and our partners. If you don’t like our community, you can check out any time you like. If you’re curious, you can read our Privacy Notice.
Sign up to the Dublin Live Newsletter to get all the latest Dublin news straight to your inbox.