Payroll services provider Zellis, which provides services to hundreds of companies in the UK, has been the victim of a cyber-attack that exposed employees' personal data, including bank and contact details. The attack was first revealed at the end of May, when US-based Progress Software published that cyber attackers had found a way to access its MOVEit Transfer tool.
The cybercriminals had exploited a 0day vulnerability in the MOVEit file transfer system, one of Zellis' vendors. The ransomware group Clop claimed responsibility for the attack.
Zellis later confirmed that eight of its customers were among those affected. It did not name the organisations; however, British Airways, the BBC and Boots confirmed that they had also been affected.