Following the disclosure of the MOVEit cyberattack, the Cl0p group released a notice on the dark web instructing affected individuals to engage. However, Christine Sabino, Legal Director at Hayes Connor, a leading UK law firm specialising in data breaches, advises victims to not interact with the group.
In the wake of a malicious cyber-attack targeting the MOVEit file transfer software, numerous well-known brands have fallen victim, leading to the exposure of sensitive data and placing their employees at risk of identity theft and other serious consequences.
The Cl0p group has since confirmed their involvement and has instructed affected individuals to email them before June 14th to avoid the publication of stolen data.
A detailed blog post with poor English was discovered by the BBC which aims to inform companies using the Progress MOVEit product that their data may have been downloaded. It further encourages affected organisations to initiate negotiations to the gang through their darknet portal.
British Airways, the BBC, and Boots have emerged as prominent victims in the aftermath after using Zellis, a reputable UK-based human resources software and payroll provider. As a result, their payroll data has been compromised.
Christine Sabino urges affected parties to not engage with the Cl0p group, emphasising the potential for further harm that such interactions may bring.
Christine says, 鈥Given the severity of the MOVEit data breach, it is crucial that victims exercise caution and refrain from any form of engagement with the hackers. Interacting with these individuals can potentially exacerbate the situation and expose victims to further harm.
鈥淚t is strongly advised to seek professional legal assistance and cooperate with the ICO and the police to mitigate the impact of the breach and protect the affected parties鈥.
Christine believes the incident serves as a stark reminder of the risks posed by cyberattacks and the urgent need for robust data protection measures.
The exact scope of the breach and the specific number of affected employees has not been disclosed. However, both the BBC and Boots, which are large organisations with 50,000 staff, have confirmed being impacted by the breach.
More from News
- World Quantum Day 2026: Experts Reflect On Industry Developments This Year
- 79% Of UK Workers Fear Losing Their Jobs This Year – And Its Not AI Related
- Scail Launches To Help Regulated SaaS Businesses Navigate The AI 鈥淧erfect Storm鈥
- X Is Taking A Slightly Different Approach To Managing Click Bait Content – Will It Work?
- AI Is Meant To Reduce Workloads, Why Is It Still Causing Workers Cognitive Fatigue?
- Apple Wins Q1 As Smartphones Shipments Go Up And Competitor Sales Go Down
- Can Travellers Expect Lower Flight Prices After The Ceasefire?
- Gen Z Consumers Face The Highest Online Fraud Risks – How Are They Staying Protected?
It is also confirmed that a mixture of details, including company IDs, national insurance numbers, contact details, and bank details, may be exposed. Alone, the exposure of these individual components may not necessarily pose too much danger, but together they paint a picture of a person鈥檚 life, putting victims at huge risk of exploitation, leading to financial loss and emotional turmoil.
Christine anticipates that the ransomware gang behind the recent breach may engage in digital extortion, leveraging the stolen data for malicious purposes.
She explains, 鈥Digital extortion, is an act employed by cybercriminals that involves coercing individuals or companies into paying a ransom in exchange for regaining access to stolen cyber assets.
鈥淭hese assets encompass personal information, critical business operations, or financial interests, including documents and database files. The exploitation of such data through data breaches can lead to dire consequences for both individuals and organisations.
鈥淧ersonal information, even in small fragments like names, dates of birth, or national insurance numbers, can lead to identity theft, resulting in financial losses, and reputational damage. However, in this case, where there’s a combination of data shared, the risk is maximised for the employees whose data has been exposed. 聽
鈥淚t is clear many of the companies involved are taking the incident very seriously, as communication lines with employees affected have already been quite open. That said, for those affected, this will no doubt be a very stressful time, so seeking the support of experts to help mitigate the damage is advised.
鈥淲hat鈥檚 more, in light of this alarming incident, it is crucial for businesses to implement stringent data security measures and maintain transparency with their customers, partners, and employees. By doing so, organisations can mitigate risks, safeguard sensitive data, and demonstrate their commitment to protecting individuals’ privacy.
鈥淭here are so many moving parts, and a number of different parties involved, that it makes it tricky to ascertain who is to blame, and who will ultimately bear responsibility, at this early stage.鈥
