Don’t like to MOVEit MOVEit.

Posted on June 6, 2023 by henry tapper

Until this week MOVEit was promoted for its secure file transfer software

MOVEit file transfer software has been found vulnerable to Russian hackers . This is how Sky news is reporting the story.

The BBC, British Airways and Boots have been caught up in a cyber incident that has exposed employee personal data, including bank and contact details, to hackers.

A ransonware group named Clop has claimed responsibility for the breaches centered around the MOVEit file transfer software.

In an email to Reuters on Monday, the hackers said “it was our attack” and that victims who refused to pay a ransom would be named and shamed on the group’s website.

Work by Microsoft had earlier suggested that the Russian-speaking ransomware gang was behind the attack.

It emerged last week that a so-called zero-day vulnerability – a flaw – in the file transfer system MOVEit, produced by Progress Software, had been exploited by cyber criminals.

It had allowed the hackers to access information on a range of global companies using MOVEit Transfer.

Thousands of firms are understood to be affected.

This is truly frightening for firms using Zellis payroll software. Zellis provides payroll support services to hundreds of companies in the UK and it has used MOVEit software till it disconnected its servers from it , this week. Too late sadly for the above mentioned firms and to many more waking up to implications of compromising employee’s  staff and national insurance numbers.

A welcome distraction for Capita?

Meanwhile Capita must feel some relief for not being today’s cybersecurity focus. It needs one.

Yesterday we heard that it will be losing its contract to provide pensions administration to the Teacher’s Pension Scheme

Capita’s final extension to the contract was for four years – taking it to October 2025. It was believed to be worth around £15m a year.

Tata Consultancy Services announced this morning that it would be the new operator, having been selected by the Department for Education to ‘administer and enhance’ customer experiences for the Teachers’ Pension Scheme in England and Wales.

I do hope that the change of contract was not a knee-jerk reaction to Capita’s cyber-breach.

We should not throw the baby out with the bathwater , we must make sure that strong well-run businesses are maintained in this country. Our resilience faced with malign ransomware attacks extends to supporting firms who are the victims of them. There but for the grace of God go we.

Perhaps this second major cyber-security breach may demonstrate the vulnerability schemes have not just to their primary but their secondary suppliers. We are almost all in the chain, and it’s a very scary chain when a link gets broken.

About henry tapper

Founder of the Pension PlayPen,, partner of Stella, father of Olly . I am the Pension Plowman
This entry was posted in pensions and tagged , , , . Bookmark the permalink.

Leave a Reply