Aer Lingus is one of a number of global companies caught up in a cyberattack that has compromised employee personal information.
Zellis, a provider of human resources and payroll support services, has alerted a number of its clients, including Aer Lingus, British Airways, Boots and the BBC, that they have experienced a “cybersecurity incident” which has led to the disclosure of current and former employee data, according to an Aer Lingus spokeswoman.
“It has been confirmed that no financial or bank details relating to Aer Lingus current or former employees were compromised in this incident. It has also been confirmed that no phone contact details relating to Aer Lingus current or former employees were compromised.
“The third-party provider has confirmed that the incident has been contained and that they have officially notified the Data Protection Commissioner (DPC) and the National Cyber Security Centre, as has Aer Lingus.
“The company has informed employees of the issue and provided them with advice as well as establishing a dedicated phone line, email address and additional support from our cyber security and data privacy teams.”
Zellis said a “small” number of its customers had been hit by a vulnerability in MOVEit, a file transfer system used by the company.
“We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them,” it said, adding that the UK data watchdog and the National Cyber Security Centre had been informed. It is understood the attack has affected eight Zellis customers in the UK and Ireland.
According to a tweet from Microsoft Threat Intelligence, the attack on MOVEit was carried out by Lace Tempest, a group “known for ransomware operations” and for running an “extortion website” called Clop.
According to Microsoft, “The threat actor has used similar vulnerabilities in the past to steal data & extort victims.”
A spokesperson for MOVEit, which was developed by US firm Progress Software, said it had “corrected” the vulnerability exploited by the hackers. “We are continuing to work with industry-leading cybersecurity experts to investigate the issue and ensure we take all appropriate response measures.” - additional reporting Guardian