
URGENT: MOVEit transfer breach

published on 2023-06-15 10:21:05 UTC by todd5404
Content:

The NCSC has released the following information about the MOVEit vulnerability that has affected Zellis and its customers, including actions for affected individuals and organisations. To provide consistent advice and guidance in relation to this incident, please ensure that you use this information when engaging with individuals and organisations. Please note that this is just a snapshot of the current advice. Please refer to the NCSC webpage to ensure that you always have the most up-to-date information.

What has happened?

Criminals have exploited a vulnerability in Progress Software’s MOVEit file transfer app, which is used by thousands of organisations around the world. Payroll services provider Zellis have suffered a data breach as a result, with customer data being stolen. The NCSC is working with Zellis to understand and respond to this incident. We will continue to update the page as more information becomes available.

Who is affected?

The stolen information relates to employees at eight of Zellis's customers, including the BBC, Boots and British Airways. Other, non-UK based organisations have been affected, including Aer Lingus. Again, the information stolen relates to employees of these organisations.

What can I do?

If you work for an affected Zellis customer, and you are concerned about your personal information, follow our guidance below for individuals affected by a data breach. If you are an organisation directly affected by this vulnerability, see our guidance for organisations.

Advice for individuals affected

Anyone who believes their information has been compromised as a result of this incident (staff of the affected organisations) can find out how to protect themselves from the impact of the breach.

Advice for organisations affected

For organisations directly affected, Progress (the vendor of the MOVEit software) has issued best practice advice on mitigating this vulnerability.

The NCSC offers extensive guidance on preventing and mitigating malware attacks.

Cyber attacks like this that target organisations' supply chains (rather than the organisation directly) are increasingly common. In addition to our well-established Supply chain principles, we have recently provided:

· Guidance on how to map your supply chain

· Guidance on how to assess and gain confidence in your supply chain cyber security

· Free e-learning to help you manage cyber security risk across supply chains

The NCSC's position, along with law enforcement, is that we don’t endorse, promote or encourage the payment of ransoms. Read more in our joint blog with the Information Commissioner's Office (ICO) on why it’s a myth that paying the ransom makes the incident go away.

What if we have been compromised because of this vulnerability?

If you are a UK organisation compromised by this vulnerability, use the government's sign-posting service to report the incident.

To stay up to date against the latest threats, please sign up for our core membership today.


https://www.wmcrc.co.uk/post/urgent-moveit-transfer-breach   
Published: 2023 06 15 10:21:05
Received: 2023 06 15 10:28:02
Feed: The Cyber Resilience Centre for the West Midlands
Source: National Cyber Resilience Centre Group
Category: News
Topic: Cyber Security