Firms warned not to give in to blackmail threats after Russia-linked payroll data hack

Companies using the software were urged last week to take immediate action (Alamy/PA) (PA)
Thousands of firms that had payroll data hacked by criminals in a “global heist” were on Tuesday warned not to give in to blackmail threats.

Russia-linked ransomware group Clop claimed responsibility for the cyber attack, which hit companies including British Airways, the BBC and Boots on Monday.

Hackers targeted a flaw in the MOVEit file transfer software, which is widely used in the corporate world including by UK-based payroll provider Zellis.

Professor Ciaran Martin, a former head of cyber security at GCHQ who set up the National Cyber Security Centre, said victims could be more susceptible to “sophisticated identity fraud” but companies should not pay the criminals to stop the stolen data being leaked online.

He told BBC Radio 4: “It looks like the BBC, Boots, BA and others are caught up in a very significant global data heist... This group of criminals are going to have massive amounts of personal data, sadly, and they’re going to look through it and see what is most extortable.

“They will then come to organisations and threaten them with publication of this data if they don’t pay. So they’ll look for the most damaging data and the strong advice will be to the organisations not to pay.

“What they might do, then, more covertly, is they might seek to monetise this data. It’s unlikely, certainly in the case of organisations like the BBC, to be something that you could just take and empty your bank account.

“But it does leave those affected more susceptible to sophisticated identity fraud, so they might try to develop techniques for scamming and so forth.

“So they’ll seek to monetise the data and what’s really important is that we do everything we can not to let them.”

Zellis did not name its clients caught up in the attack.

However, BA, the BBC and Boots confirmed their employees were among the victims.

The airline employs 34,000 people in the UK. Boots has around 52,000 British workers.

The broadcaster said it does not believe its employees’ bank details have been exposed; however, their company ID and national insurance numbers were compromised.