The data breach experienced by the payroll company Zellis affected The BBC, Boots, and British Airways.
The BBC is collaborating closely with Zellis as they urgently examine the scope of the data breach at their third-party supplier after becoming aware of it.
An unauthenticated attacker might take advantage of the SQL injection vulnerability to access the database of MOVEit Transfer without authorization.
The cybersecurity problem at Zellis, which included one of their third-party providers called MOVEit, has been reported to British Airways as having affected them.
Source: https://securityaffairs.com/147119/data-breach/zellis-data-breach-bbc-ba.html
TPRM report: https://scoringcyber.rankiteo.com/company/boots
"id": "boo74919923",
"linkid": "boots",
"type": "Breach",
"date": "06/2023",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Media',
'name': 'The BBC',
'type': 'Media Corporation'},
{'industry': 'Retail',
'name': 'Boots',
'type': 'Retailer'},
{'industry': 'Aviation',
'name': 'British Airways',
'type': 'Airline'}],
'attack_vector': 'SQL Injection',
'description': 'The data breach experienced by the payroll company Zellis '
'affected The BBC, Boots, and British Airways. The BBC is '
'collaborating closely with Zellis as they urgently examine '
'the scope of the data breach at their third-party supplier '
'after becoming aware of it. An unauthenticated attacker might '
'take advantage of the SQL injection vulnerability to access '
'the database of MOVEit Transfer without authorization. The '
'cybersecurity problem at Zellis, which included one of their '
'third-party providers called MOVEit, has been reported to '
'British Airways as having affected them.',
'impact': {'systems_affected': ['MOVEit Transfer']},
'initial_access_broker': {'entry_point': 'MOVEit Transfer'},
'title': 'Data Breach at Zellis Affecting The BBC, Boots, and British Airways',
'type': 'Data Breach',
'vulnerability_exploited': 'SQL Injection'}