More organisations affected by Zellis/MoveIT data breach


Earlier this week, we reported that UK payroll provider Zellis had been affected by a huge data hack. And, as more details come to light about this breach, it becomes clear that more organisations were affected than was first thought.

The breach happened when hackers – believed to be part of the ‘Clop’ Russian crime group – exploited a security flaw in the MOVEit file transfer software. MOVEit claims to provide secure and compliant file transfers for sensitive data within and between organisations. The breach affects several global organisations that use this software – including Zellis.

Clop has claimed responsibility for the hack, stating that: “This is announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of exceptional exploit.”

Which organisations are affected?

MOVEit is – which is supplied by Progress Software – is used by companies across the world. So the scale of this data breach could be huge.  

In the UK, Zellis has confirmed that eight of its clients have had data stolen because of the data breach. Fo some, this information includes home addresses, national insurance numbers and bank details. 

The following Zellis clients have all confirmed that they have been affected by the data breach.  

  • The BBC. The BBC has confirmed that it is among those to have been affected. 
  • British Airways. 34,000 UK employees could have had their bank, contact details, and national insurance numbers accessed by hackers.   
  • Aer Lingus. Aer Lingus is one of the companies caught up in the cyberattack. According to Aer Lingus, no financial or bank details relating to Aer Lingus current or former employees were compromised in this incident. 
  • Boots. Boots said it had been affected by the data breach. Boots has 50,000 staff.   

In addition, the following organisations may also have data stolen by Russian cybercriminals: 

  • Nova Scotia Government. 
  • The University of Rochester. 

You can find out more about the MOVEIT/Zellis data breach here. 

Claim compensation for the Zelis data breach

Our cyber experts are investigating the breach to find out what happened, which organisations are involved, and how the breach affects their employees. 

If you live in England & Wales and receive notification that you are affected by this data breach, register below to make a no-win, no-fee compensation claim. 

Crucially, an employer cannot fire you or harm your career in any way if you make a claim. They would be breaking employment law if they did, and any action could be classed as discrimination. 

In March 2024, our firm changed its name to KP Law. 

Share this article: