top of page

MOVEit vulnerability and Zellis data extortion incident

Information about the MOVEit vulnerability that has affected Zellis and its customers, including actions for affected individuals and organisations.

What has happened?

Criminals have exploited a vulnerability in Progress Software’s MOVEit file transfer app, which is used by thousands of organisations around the world. Payroll services provider Zellis have suffered a data breach as a result, with customer data being stolen.

The NCSC is working with Zellis to understand and respond to this incident. We will continue to update this page as more information becomes available.

Who is affected?

The stolen information relates to employees at eight of Zellis's customers, including the BBC, Boots and British Airways. Other, non-UK based organisations have been affected, including Aer Lingus. Again, the information stolen relates to employees of these organisations.

What can I do?

If you work for an affected Zellis customer, and you are concerned about your personal information, follow our guidance below for individuals affected by a data breach. If you are an organisation directly affected by this vulnerability, see our guidance for organisations.

Advice for individuals affected

Anyone who believes their information has been compromised as a result of this incident (staff of the affected organisations) can find out how to protect themselves from the impact of the breach.

Advice for organisations affected

For organisations directly affected, Progress (the vendor of the MOVEit software) has issued best practice advice on mitigating this vulnerability.

Cyber attacks like this that target organisations' supply chains (rather than the organisation directly) are increasingly common. In addition to our well-established Supply chain principles, we have recently provided:

  • Guidance on how to map your supply chain

  • Guidance on how to assess and gain confidence in your supply chain cyber security

  • Free e-learning to help you manage cyber security risk across supply chains

The NCSC's position, along with law enforcement, is that we don’t endorse, promote or encourage the payment of ransoms. Read more in our joint blog with the Information Commissioner's Office (ICO) on why it’s a myth that paying the ransom makes the incident go away.

What if we have been compromised because of this vulnerability?

If you are a UK organisation compromised by this vulnerability, use the government's sign-posting service to report the incident.


bottom of page