UK Regulator ‘Ofcom’ Victim of Cyberattack

Ofcom is the regulator of broadcasting, telecommunications, and postal industries in the United Kingdom.

Recently, Ofcom confirmed that it was the target of a cyberattack by hackers tied to a Russian ransomware group.

Personal data from employees was downloaded during the attack alongside data from some of the companies Ofcom regulates.

A few of those affected are the BBC, British Airways, Boots, and plenty of others.

The Breach

During the attack, software called MOVEit was breached.

MOVEit was designed to move sensitive files securely.

Files like employee addresses, bank details, etc.

Many companies across the globe use MOVEit to securely move private data.

Ofcom said that they had alerted all the companies affected that they regulate “swiftly”.

The regulator then referred to the Information Commissioner’s Office (ICO) regarding the breach.

The ICO upholds information rights in the public interest.

They promote data privacy for individuals.

The ICO also reports directly to the Parliament of the United Kingdom.

No payroll data was taken during the attack.

The Response

Ofcom said, “A limited amount of information about certain companies we regulate – some of it confidential – along with personal data of 412 Ofcom employees, was downloaded during the attack,”

 They continued, “We took immediate action to prevent further use of the MOVEit service to implement the recommended security measures. We also swiftly alerted all affected Ofcom-regulated companies, and we continue to offer support and assistance to our colleagues.”

Ofcom also said that none of its own systems had been compromised.

Transport for London told the BBC that they had also been affected by this attack.

Transport for London operates London’s public transport.

They said that one of their contractors was the victim of a data breach.

Saying “The issue has been fixed and the IT systems have been secured. The data in question did not include banking details and we are writing to all of those involved to make them aware of the incident”.

This breach didn’t relate to passenger data and Transport for London reported the breach to the ICO.

Ernest & Young an accountancy firm was also a victim of this attack.

Once they knew of the issue with MOVEit they “immediately launched an investigation into our use of the tool and took urgent steps to safeguard any data”.

They also added “We are manually and thoroughly investigating systems where data may have been accessed. Our priority is to first communicate to those impacted, as well as the relevant authorities. Our investigation is ongoing.”

Although they also said that most of their systems that used the MOVEit software were unaffected.

The Attack

This attack was a supply-chain attack.

Supply-chain attacks damage companies by targeting weaknesses in their supply chain.

The first discovery was by Progress Software a US-based company that said that hackers found a way to break into its MOVEit software.

There was a security flaw that had been exploited by hackers to gain access to many companies.

Companies that don’t use MOVEit were affected because they had third-party arrangements.

The BBC was affected by this due to Zellis.

Zellis is the company that the BBC uses to process their payroll, and Zellis used MOVEit.

A few of the previously mentioned companies that were affected used Zellis including British Airways and Boots.

They are alongside another airline, Aer Lingus and a few other companies.

The attackers are the Clop ransomware group which is believed to be based in Russia.

Clop has threatened to publish the data of companies that don’t email them to start negotiations.

The victims of these attacks are encouraged not to pay as it only helps grow the criminal enterprise and the data could easily be used for another attack.

It is believed that the data of organisations will have their data put out to Clop’s darknet site soon.

If you need help protecting your business from cyber attacks, contact us at Itek.