Russian-speaking hackers have claimed responsibility for a massive hack that exposed employee data at British Airways and the BBC and forced US and UK cybersecurity officials to scramble for solutions.
The ransomware gang known as CLOP claims to have “information on hundreds of companies”. According to a dark web message, they have given victims until June 14 to talk about a ransom before they start revealing data from companies they claim to have hacked.
The prospect of extortion adds further urgency to a security crisis that has already prompted responses from tech companies, corporations, and governmental organizations from the US to Canada and the UK.
The compromise of employee data at the BBC and British Airways came via a breach of a human resources firm, Zellis, that both organizations use.
“We are aware of a data breach at our third-party supplier, Zellis, and are working closely with them as they urgently investigate the extent of the breach,” a BBC spokesperson said. The spokesperson declined to comment on the hackers’ extortion threat.
A British Airways spokesperson said the company had “notified those colleagues whose personal information has been compromised to provide support and advice”.
The hackers are a well-known group whose preferred malware first surfaced in 2019. Last week, they started taking advantage of a new vulnerability in the widely used file-transfer program MOVEit. They appeared to target as many vulnerable businesses as they could. Because the hack was opportunistic, several different organizations were left open to extortion.
The MOVEit software is used by several state governments in the US, although it is unknown how many of these states have been infiltrated.
In light of the incident, the US Cybersecurity and Infrastructure Security Agency has mandated that all federal civilian entities upgrade the MOVEit software. No federal agencies have been confirmed as victims.