Victims of MOVEit SQL injection zero-day mount up

Several companies, including the BBC, Boots, and British Airways, reported that they have been victims of a cyber attack. The attack was carried out via a vulnerability in MOVEit software, a file transfer product from Progress Software. The BBC revealed that staff data, including addresses and National Insurance numbers were compromised. This attack was orchestrated via Zellis, an IT service supplier for human resources departments and payroll, impacting a “small number” of clients.