Media watchdog Ofcom latest victim of mass hack

Media watchdog Ofcom has confirmed that it is simply a unfortunate of a cyber-attack by hackers linked to a notorious Russian ransomware group.

Confidential information astir immoderate companies regulated by Ofcom, and idiosyncratic accusation from 412 employees was downloaded during the wide hack.

A fig of firms, including British Airways, the BBC and Boots, person been affected by the bundle breach.

Ofcom said it had "swiftly" alerted each the companies that it regulates.

The media watchdog says it has referred the substance to the information and privateness watchdog, the Information Commissioners Office (ICO).

The BBC understands that nary payroll information was affected.

"A constricted magnitude of accusation astir definite companies we modulate - immoderate of it confidential - on with idiosyncratic information of 412 Ofcom employees, was downloaded during the attack," said Ofcom.

"We took contiguous enactment to forestall further usage of the MOVEit work and to instrumentality the recommended information measures. We besides swiftly alerted each affected Ofcom-regulated companies, and we proceed to connection enactment and assistance to our colleagues."

It said that nary of its ain systems were compromised during the attack.

Accountancy steadfast Ernst and Young (EY) besides told the BBC it was a victim.

As soon arsenic it became alert of the occupation with MOVEit the steadfast "immediately launched an probe into our usage of the instrumentality and took urgent steps to safeguard immoderate data".

It said the immense bulk of its systems were unaffected but added: "We are manually and thoroughly investigating systems wherever information whitethorn person been accessed.

"Our precedence is to archetypal pass to those impacted, arsenic good arsenic the applicable authorities. Our probe is ongoing."

The hack is known arsenic a "supply-chain attack".

It was archetypal disclosed erstwhile US institution Progress Software said hackers had recovered a mode to interruption into its MOVEit Transfer tool.

MOVEit is bundle designed to determination delicate files securely and is fashionable astir the world. A information flaw successful the programme was exploited by hackers to summation entree to a fig of companies.

Some organisations that bash not adjacent usage MOVEit are affected due to the fact that of third-party arrangements.

The BBC, for example, has had information from existent and past employees stolen due to the fact that Zellis, a institution that the broadcaster uses to process the payroll, utilized MOVEit and fell victim.

It is understood 8 companies that usage Zellis are affected, including the airlines British Airways and Aer Lingus, arsenic good the retailer Boots. Dozens of different UK companies are thought to beryllium utilizing MOVEit.

The criminals liable for the hack are linked to the notorious Clop ransomware group, thought to beryllium based successful Russia.

They person threatened to statesman publishing information of companies that bash not email them to statesman the negotiations by Wednesday.

BBC cyber analogous Joe Tidy said the radical is well-known for carrying retired its threats and it is apt that organisations volition person backstage information published connected the gang's darknet website successful the coming weeks.

He said it is usually the lawsuit that if a unfortunate does not look connected Clop's website, they whitethorn person secretly paid the radical a ransom which could beryllium hundreds of thousands oregon adjacent millions of dollars worthy of Bitcoin.

Victims are ever encouraged not to wage though arsenic it fuels the maturation of this transgression endeavor and determination is nary warrant that the hackers volition not usage the information for secondary attacks.