The airline on Monday (5 June) said it was among a number of companies impacted by a cybersecurity vulnerability affecting a third-party supplier to its UK-based payroll provider Zellis.
Sky News reports the data includes banking details and contact information, while The Telegraph – citing an email to BA staff seen by the paper – said the details also included names, addresses and national insurance numbers.
BA said it had notified affected employees and, along with Zellis, had reported the incident to the Information Commissioner’s Office (ICO). The carrier currently employs around 34,000 in the UK.
"We have been informed that we are one of the companies impacted by Zellis’ cybersecurity incident which occurred via one of their third-party suppliers called MOVEit," said BA in a statement provided to TTG.
"Zellis provides payroll support services to hundreds of companies in the UK, of which we are one. This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool.
"We have notified those colleagues whose personal information has been compromised to provide support and advice."
BA added its data protection team was working closely with parent company IAG’s group security operations centre to contain the issue and mitigate any misuse of information.
‘Global issue’
Zellis said: "A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software’s MOVEit Transfer product. We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them.
"All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate.
"Once we became aware of this incident, we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring."
According to The Telegraph, eight Zellis companies have been affected. Others include Boots and the BBC.