Zellis, a payroll provider with clients in Ireland, said it has informed the Irish DPC and NCSC of the Moveit breach.
Some big brands across the UK and Ireland, including Boots, British Airways and the BBC, have been affected by a global cybersecurity incident involving a breach of file transfer service Moveit.
Payroll provider Zellis, which works with many clients across the UK and Ireland, confirmed that several of its customers had been impacted by the data breach and that it is “actively working” to support them.
“Once we became aware of this incident we took immediate action, disconnecting the server that utilises Moveit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring,” Zellis wrote in a statement yesterday (5 June).
“We have also notified the ICO, DPC, and the NCSC in both the UK and Ireland. We employ robust security processes across all of our services, and they all continue to run as normal.”
Microsoft has attributed the hack exploiting the Moveit zero-day vulnerability to Lace Tempest, a reportedly Russian-speaking cybercrime group known for similar ransomware operations and running the Clop extortion site.
Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site. The threat actor has used similar vulnerabilities in the past to steal data & extort victims.
— Microsoft Threat Intelligence (@MsftSecIntel) June 5, 2023
The so-called Clop team took responsibility for the breach in an email to Reuters, claiming “it was our attack” and that victims who refused to pay the ransom would be named on the website.
A Sky News report suggests the incident, affecting thousands worldwide, has exposed sensitive employee data, including bank and contact details, to the hackers.
A Moveit spokesperson told SiliconRepublic.com that the company took swift action upon discovering the vulnerability by launching an investigation and alerting customers about the issue.
“We disabled web access to Moveit Cloud to protect our cloud customers, developed a security patch to address the vulnerability, made it available to our Moveit Transfer customers and patched and re-enabled Moveit Cloud, all within 48 hours,” the spokesperson said.
“We are continuing to work with industry-leading cybersecurity experts to investigate the issue and ensure we take all appropriate response measures. We have engaged with federal law enforcement and other agencies with respect to the vulnerability.”
According to Oz Alashe, CEO of CybSafe, the Moveit data breach is an example of “how far-reaching and impactful” individual cyber incidents can be.
“Organisations need to do more to stress the importance of cybersecurity across all partnerships. While technical solutions are important, equal emphasis should be placed on how we view cybersecurity from a human, behavioural perspective,” he said.
Alashe said that organisations need to target “specific security behaviours” that make individuals vulnerable to attacks.
“Businesses are increasingly becoming the new battlefield for cyber warfare. Organisational leaders must understand that cybersecurity isn’t just an IT issue, but a business-wide one, and people must be at the centre of the solution.”
Updated, 8.15am, 8 June 2023: This article has been updated to include a statement from a Moveit spokesperson.