British Airways, BBC and Boots among firms hit by cyber security hack
The BBC, British Airways and Boots are among the firms hit by a cyber attack, leaving the personal details of some UK staff compromised.
It has emerged a flaw in the file transfer system MOVEit had been exploited by cyber criminals.
The vulnerability allowed hackers to gain access to information from firms around the globe who make use of the transfer software.
It is understood that thousands of firms have been affected.
Payroll provider Zellis has confirmed that eight of its clients were among those affected, with The BBC, British Airways (BA) and Boots stating that some of their employees have been involved.
A BA spokesman said: "We have been informed that we are one of the companies impacted by Zellis' cybersecurity incident which occurred via one of their third-party suppliers called MOVEit.
"Zellis provides payroll support services to hundreds of companies in the UK, of which we are one.
"This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified those colleagues whose personal information has been compromised to provide support and advice."
The airline employs around 34,000 people in the UK, while Boots has around 50,000.
A Boots spokesperson said: “A global data vulnerability, which affected a third-party software used by one of our payroll providers, included some of our team members’ personal details. Our provider assured us that immediate steps were taken to disable the server, and as a priority we have made our team members aware.”
A BBC spokesperson said: “We are aware of a data breach at our third party supplier, Zellis, and are working closely with them as they urgently investigate the extent of the breach.
"We take data security extremely seriously and are following the established reporting procedures.”
Want a quick and expert briefing on the biggest news stories? Listen to our latest podcasts to find out What You Need To Know.