MOVEit & Zellis data security attack puts thousands of employees at risk


In case you missed it, last week the news headlines once again featured a serious data breach, with the revelation that the personal data of thousands of employees had been breached in a planned attack on the data of Zellis, an outsourced payroll company.

In brief, Zellis are a payroll company that provide an outsourced service to some pretty large organisations, including the BBC, British Airways and Boots. They use a piece of software called MOVEit, for transferring files between themselves and their clients.

It has been reported that cybercriminals are exploiting a zero-day vulnerability in MOVEit to perform a mass download of data. Data stolen includes staff ID numbers, dates of birth, home addresses, national insurance numbers and bank details.

A zero-day vulnerability is a flaw in a system or application for which there is no defence, because the system or application maker is unaware it exists.

Zellis have confirmed that data was stolen from 8 of its client firms. The BBC have informed employees that their personal data was stolen, while staff of British Airways were informed their bank details may have been stolen. Many other organisations have been impacted by this attack and the numbers are expected to rise. It is not confirmed who is behind this attack, but according to Microsoft there is speculation that the notorious Cl0p ransomware group, thought to be based in Russia, may be behind it.

An updated version of the MOVEit software has been released and the National Cyber Security Centre has urged organisations using this software to carry out security updates as soon as possible. However, according to reports, an internet scan revealed that thousands of company databases are still vulnerable because they haven’t been updated.

Attacks like these are a reminder that all of us need to have strong security resilience in place. It is essential that you:

  1. Have an understanding of your supply chain. Your company data doesn’t just reside in your own system; you likely share data via your supply chain, be that professional advisors, outsourced service providers, or even your IT suppliers. Our recent blog gives more information on how to audit your supply chain.
  2. Ensure that someone in your business is receiving daily alerts about zero-day threats and is ascertaining if you need to take immediate action. Our secure+ service provides this service on your behalf.
  3. Have a plan for emergency patching when new vulnerabilities are disclosed.
  4. Have a plan for ongoing patching and software updates, which should happen across all platforms at least once a month.
  5. Have a Cyber Incident Response Plan (CIRP) in place that outlines procedures and guidelines for responding to any potential cyber incidents that may occur within your organisation, such as this MOVEit cyber breach. This plan should not only highlight steps to recover from cyber-attacks but should also detail how to communicate with internal and external stakeholders.

If you believe your data may have been impacted by this breach, the National Cyber Security Centre have issued guidance, available at https://www.ncsc.gov.uk/guidance/data-breaches
