Hackers Issue ‘Ultimatum’ Over Payroll Data Breach

A cybercrime gang reportedly based in Russia has issued “an ultimatum” to British and other companies targeted in a recent large-scale hack of payroll data, the BBC reported on Wednesday.

The Clop group has been blamed by cybersecurity experts for the breach announced last week, which saw payroll data of more than 100,000 staff stolen at firms including the BBC, British Airways and high street pharmacy Boots.

The hacking gang is now said to have posted a notice on the dark web in broken English warning those affected to email them before June 14 or face the private data being published, the BBC said.

“This is announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of exceptional exploit,” a blog post purportedly by Clop stated, according to the broadcaster.

It went on to urge victim organizations to send an email to the gang to begin a negotiation on its dark web portal, it added.
Employers are being urged not to pay up if the hackers demand a ransom, it said.

Hackers accessed the data by breaking into a popular business software service called MOVEit and used that access to breach databases of potentially hundreds of companies.

Those also targeted include Irish airline Aer Lingus, the government of the Canadian province Nova Scotia and the University of Rochester in the United States.

The UK’s leading payroll provider Zellis said this week that eight of its customers had been affected by the “global issue”, which may have exposed personal information, including names, addresses, and banking details.

Analysts at Microsoft said on Monday they believe Clop was to blame, based on the techniques used in the hack.

Read: Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations