A group of cybercriminals has given an ultimatum to the targets of a widespread hacking attack which has affected organisations all over the world. The cyber gang shared a dark web notice warning which threatened to publish stolen data unless organisations (including BA, the BBC and Boots) emailed them before 14th June 2023.
The MOVEit Hack
On 5th June, some widely recognised organisations made a public announcement revealing that the personal information of their employees had been breached. Progress Software, a US company, initially revealed that they were targets of the hack, stating that hackers had discovered a method to breach its MOVEit Transfer tool.
MOVEit is a widely used piece of software that helps move important files. It is popular all over the world, with most of its clients based in the US. Some organisations affected by the MOVEit hack include the BBC, British Airways, Boots, and Aer Lingus.
The data breach has been linked to a cybercrime gang known as the Clop Group. The Clop group is suspected to be based in Russia and is notorious for its ruthless extortion techniques.
What Does This Mean for People’s Data?
Zellis, a provider of payroll services, disclosed that data from eight of its client companies had been stolen. Similarly, British Airways (BA), Boots, and the BBC have also acknowledged that sensitive data belonging to their employees was compromised due to the MOVEit hack. As a result, sensitive personal information about staff members, such as national insurance numbers, staff ID numbers, dates of birth, home addresses, and bank details, might have been stolen.
The impact of the data breach has far-reaching consequences. Data breaches that involve personal information can lead to identity theft, loss of privacy (if the information is published), and financial loss.
In addition, data breaches such as the MOVEit hack can cause people to suffer emotional trauma and reputational harm to the victims whose personal information has been compromised. Victims may feel violated, anxious, and stressed knowing that their personal information is in the hands of cybercriminals.
Can a Claim Be Made?
Individuals who have suffered as a result of a data breach may have the right under the General Data Protection Regulation (GDPR), to claim compensation from organisations that were responsible for protecting their personal information. Individuals can claim compensation for both material damage (for example, financial loss) and non-material damage, such as emotional distress or loss of reputation.
The first step would be to complain to the company directly to see if they are able to provide support or compensation. The company should inform you straight away if your data has been compromised, so you should be made aware of this. If you are unsure how to proceed with a compensation claim and you have been advised that your data has been stolen for instance, you may benefit from speaking with an expert such as Johnson Law Group to find out your next steps.