BCC and British Airways have confirmed that their employees’ personal data has been exposed in a data breach at their payroll provider, Zellis.
Why it matters: The breach occurred through a cyber incident involving a third-party supplier called MOVEit, which had a zero-day vulnerability being exploited by hackers. Zellis has disconnected the affected server and engaged external security experts to investigate the incident.
- While the extent of the breach is still being investigated, it is believed that employees’ bank account details were not compromised.
- Other companies relying on Zellis for payroll services, including Jaguar Land Rover, Iceland, Dyson, Aer Lingus, and Boots, may also be affected.
- The company has notified data protection authorities and cyber security centers in the UK and Ireland.