Cyber Attack on MOVEit: Wake-up Call for Payroll Providers

By Shilpa Annie Joseph, Official Reporter

Organizations globally, including giants such as the BBC, British Airways, Boots, and Aer Lingus, are currently grappling with a massive data breach.

Hackers have exploited a vulnerability in MOVEit Transfer, a widely used software tool for secure data transfers, leading to the potential theft of sensitive staff data, such as national insurance numbers and bank details.

The extensive hack, which infiltrated numerous organizations simultaneously, rings alarm bells for payroll providers worldwide. The UK payroll services provider, Zellis, revealed that data from eight of its client firms had been compromised, although it declined to disclose any names.

“Once we became aware of this incident, we took immediate action, disconnecting the server that utilizes MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring. We have also notified the ICO, DPC, and the NCSC in both the UK and Ireland. We employ robust security processes across all of our services and they all continue to run as normal,” Zellis said in a statement.

Progress Software, the US-based company behind MOVEit Transfer, first exposed the hack last week. The company alerted its customers promptly and rolled out a downloadable security update to address the vulnerability. The software is immensely popular around the world, making the impact of this breach potentially vast.

While no ransom demands have been reported, experts anticipate that the hackers are likely to start demanding payment from the affected organizations, threatening to publish stolen data online.

The US Cybersecurity and Infrastructure Security Agency and the UK’s National Cyber Security Centre are closely monitoring the situation. They urge organizations using the compromised MOVEit software to implement security updates promptly. However, a lingering concern remains, as many firms are yet to install the security patch, leaving thousands of databases potentially exposed.

Microsoft has linked the attack to the notorious Cl0p ransomware group, believed to be based in Russia. The hackers have reportedly used similar techniques in previous data thefts and extortion attempts, amplifying the severity of the current threat.

Mr. John Shier, a representative from cybersecurity company Sophos, cautions that “this latest round of attacks is another reminder of the importance of supply chain security,” signaling a wake-up call for all payroll providers to review their security protocols.

The incident underscores the urgent need for continuous updates and maintenance of security systems to fortify against escalating cyber threats. Payroll providers worldwide must heed this call to action and take decisive steps to protect the sensitive data they handle.
