In May 2023, Russian ransomware gang C10p (otherwise known as Clop) began abusing a vulnerability in the MOVEit file transfer platform owned by Progress Software. The widespread attack saw data stolen from governments, financial institutions, and other public and private organisations across the world. The breach is thought to be the biggest hack of 2023.
According to one source, 2,770 organisations have reported being attacked, with data thefts affecting more than 94 million people (as of 29 April 2024).
In the UK, thousands of people are now at risk because of the MOVEit breach. Because it used MOVEit, UK payroll company Zellis was one of those impacted by the security violation. Zellis provides services to hundreds of companies in the UK. Many of its clients are caught up in the breach.
Affected Zellis clients include (but are not limited to) BA, BBC, Boots and DHL. The personal data of current and former employees of these companies could be at risk because of the MOVEit cyber-attack.
Several other UK-based organisations have confirmed their involvement in the breach, or had their involvement confirmed by hackers. These companies include Transport for London, Ofcom, Shell, Ernst & Young, AON, PwC, MS Amlin, Digital Insight Technologies Ltd, De La Rue and Level 8 Solutions. As some of these organisations held personal data provided by other companies, the domino effect of the MOVEit data breach keeps going.
Are you affected by the MOVEit data breach?
Affected companies should be in touch to notify employees and customers if they are involved in this breach. If you do not receive this notification, it is unlikely that you are affected. If you have received notification of your involvement, you should take steps to protect yourself.
Consumer credit reporting company Experian has provided some advice to help people involved in the MOVEit data breach boost their defences. This advice includes:
- Freezing your credit limit to stop identity thieves from opening accounts in your name
- Changing important passwords and login information
- Using a free password manager to help you create authentic passwords that are hard to crack
- Implementing multifactor authentication
- Requesting a fraud alert with the national credit bureaus (Experian, TransUnion and Equifax) to make it difficult for fraudsters to open a credit account in your name. You only need to initiate one alert for it to be placed on all three credit reports
- Keeping an eye on your bank accounts and credit cards for any activity you don’t recognise
- Contacting financial institutions immediately if you spot any activity you do not recognise
- Protecting your identity with a robust identity theft monitoring and dark web surveillance plan.
What to do now
If you are affected by the MOVEit data breach you could have a no-win, no-fee data breach compensation claim. Our simple eligibility checker provides instant clarity. Answer a few straightforward questions, and you’ll know if you could qualify to join a group action claim.
If you do have a claim, register your interest and we’ll keep you updated with developments in this case.