MOVEit supply chain attack exposes raft of personal data for UK employees

On Monday 5 June, British Airways, Boots, and the BBC all confirmed that they had been impacted by a cyberattack against UK-based payroll provider Zellis, exposing the personal data of thousands of employees.

The data breach exploited the recently discovered zero-day vulnerability (CVE-2023-34362) in the popular file transfer software, MOVEit. Microsoft have since attributed the breach to the ransomware group Cl0p, stating the threat actor has "used similar vulnerabilities in the past to steal data and extort victims". Cl0p have claimed responsibility for multiple high-profile ransomware attacks in recent times, including a similar zero-day vulnerability exploiting Fortra’s GoAnywhere file transfer software back in February this year – impacting organisations such as Procter & Gamble, Hitachi and Virgin, and local governments in Toronto and Tasmania.

Security researchers believe that the MOVEit vulnerability is still actively being exploited and that attackers may have been using the zero-day for a number of weeks. As a result, the UK's National Cyber Security Centre (NCSC) and U.S.’ cybersecurity agency (CISA), have urged organisations to take immediate action and apply the recommended security updates released through MOVEit's parent company, Progress Software.

By Wednesday 7 June, Cl0p issued an ultimatum to all victims of the hack to begin negotiating with the group by 14 June via their own darknet portal, before publishing the stolen data online.

With a large global footprint (both Zellis and MOVEit provide services for a wide range of public and private entities in the UK and U.S.), it is likely that more organisations will disclose breaches in the coming weeks. Whilst the full scale of the attack is currently unclear, the incident is a timely reminder to all organisations to place supply chain security at the forefront of their cyber risk management processes.

AnotherDay will continue to monitor the situation and support any impacted clients. However, if your organisation or an organisation in your supply chain is using MOVEit software, it is crucial that you take immediate steps to patch your relevant systems, as well as continuously monitor your network, endpoints & security logs for any indicators of compromise.

If you have any questions or concerns regarding this developing situation, you can reach out to our team here.