In recent days, June 2023, it has been confirmed that the Move It software platform has fallen victim to a significant cyber-attack perpetrated by Russian cyber criminals known as The Clop Group, who have admitted to the “hacking incident” and subsequent theft of 100,000’s of personal information records.
To date, British Airways, Aer Lingus, Boots and BBC have confirmed they have been impacted by the cyber-attack primarily affecting employee sensitive personal data. However, it is thought that several other businesses may have also been impacted.
As the fall out of this significant supply chain cyberattack continues to evolve, the financial value of personal data has been brought into sharp focus. The perpetrators have issued a ransom negotiating deadline of Wednesday 14th June 2023, after which date, they state all stolen data will be published on the dark web in the event ransom payments are not received.
It has been alleged that vulnerabilities in the Move It software allowed the “actors” to infiltrate the platform and identify “users” of the software, and ultimately unlimited access to their client records.
Zellis, a Third-Party Provider of HR and Payroll services in the UK and Ireland has been identified as a user of the Move It software. As a consequence of, the illegal infiltration of the company client base, several thousand employee personal records have been exploited by the Clop Group. It is reported that Zellis provide HR and Payroll services to British Airways, Aer Lingus, Boots and BBC.
The Move It supply chain cyber-attack serves as a reminder to Data Controllers and Data Processors as to the importance of effective management and due diligence on respective supply and vendor chains. Could there be a weak link, lurking within your Supply/Vendor chain? Does the Supply/Vendor chain meet EU GDPR requirements.
For further information on EU GDPR Supply chain management, please visit www.monclaredataprotect.com. or call tel:+353 87 4616012 info@monclaredataprotect.com
8th June 2023
