Zellis and MOVEit Data Breach


It’s really important to keep information safe online, especially for small businesses. An online attack can lead to serious money problems and hurt your business’s good name, which can affect how much your customers trust you. The recent attack on Zellis and MOVEit shows us how risky and complicated the internet can be.

The Incident in Simple Terms

The Incident

Zellis, a UK company that handles payroll, was the victim of a data breach in 2023. The attackers hacked a tool that moves files around called MOVEit, made by a US company called Progress Software. The hackers used this opportunity to steal data from eight of Zellis’s clients. They took sensitive information like national insurance numbers and even some bank details.

Well-known companies like British Airways and the BBC were affected. This proves that every business, whether it’s big or small, can be hit by these online threats.

Breaking Down the Problem

Breaking Down the Problem

The problem with the MOVEit tool was a common cybersecurity mistake known as SQL injection. The hackers used this to trick the tool into giving them private data and even let them get special permissions in the system.

When Progress Software found out about the attack, they quickly told their customers and sent out a security update. A US cybersecurity agency also told businesses using MOVEit to download a security patch to avoid more breaches.

Lessons for Small Businesses

Small Business Lessons

We still don’t know everything about the Zellis and MOVEit data breach. But it’s a strong reminder of how important good online security is. This is especially true for small businesses that use services from other companies or supply chains, as they can be weak points. Regularly updating software and using patches as soon as they’re available is very important for staying safe.

Looking to the future, we need to remember that cybersecurity isn’t just about stopping attacks but also about recovering from them. In a world where online threats are always there, learning from these incidents is just as important as stopping them. By focusing on cybersecurity, small businesses can protect their online spaces and the important data they hold.


LinksTo learn more about this incident, check out these links:

  1. A serious mistake in MOVEit tool used, affecting many businesses
  2. Data theft at Zellis: Staff at British Airways, BBC and Boots affected
  3. BBC, BA and Boots victims of the MOVEit hack
  4. Microsoft says Clop ransomware group is behind MOVEit mass-attacks

Equip yourself with the knowledge to protect your business against cyber threats. Enrol in my: Information Security Awareness: An Introduction for UK SMEs