BA, Boots and BBC among companies given ultimatum over Clop ransomware attack

Companies have less than a week to respond to hackers threatening to release staff information

Some major companies in the UK have less than a week to respond to a threat from a cybercrime gang. Reuters
Powered by automated translation

Major UK-based companies have less than a week to respond to a cybercrime gang threatening to release the personal details of more than 100,000 staff members.

The Clop group, thought to be based in Russia, posted an announcement on the dark web warning that unless negotiations started, stolen data would be released.

The statement was thought to be aimed at British Airways, Boots, the BBC and other UK-based companies.

Hackers have reportedly obtained details such as National Insurance numbers, bank account data, names and addresses.

The ultimatum follows a cyber attack in which the gang broke into MOVEit, a piece of popular business software. It is believed that hackers were then able to access the databases of hundreds of companies.

Clop did not name specific company targets, but several organisations have said their data could be at risk, including the Irish airline, Aer Lingus, the Nova Scotia government and the University of Rochester.

The hack prompted security alerts at the US Department of Homeland Security, the UK National Cyber Security Centre, Microsoft and Mandiant, a subsidiary of Alphabet’s Google Cloud.


According to the BBC, Clop set a deadline of June 14, and posted on the dark web: “This is [an] announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of [an] exceptional exploit.”

The BBC is giving its staff free access to the credit score company Experian so that workers can keep an eye on what's happening with their personal data.

"To help colleagues monitor personal information, we have offered 12 months of free identity monitoring services, which are provided by Experian," a BBC representative said.

"This service is called Experian Identity Plus and monitors the web and social networks for stolen information sources and alerts individuals if anything is found."

The pharmacy chain Boots confirmed that it has made its staff aware of the data vulnerability, adding that the attack could be a worldwide issue.

“A global data vulnerability, which affected a third-party software used by one of our payroll providers, included some of our team members' personal details,” a representative said.

“Our provider assured us that immediate steps were taken to disable the server, and as a priority, we have made our team members aware.”

British Airways, which employs about 34,000 people in the UK, said it was also one of the cyber attack victims.

“We have notified those colleagues whose personal information has been compromised to provide support and advice,” a representative said.

BA suffered a cyber attack five years ago in which the personal and credit details of more than 400,000 customers and staff were reportedly hacked.

The Information Commissioner's Office subsequently fined British Airways £20 million ($24.9 million), claiming the airline should have identified security weaknesses.

Updated: June 08, 2023, 10:16 AM