The hackers exploited a flaw in the MOVEit Transfer application, used by companies such as payroll provider Zellis to transfer documents. Zellis has said eight of its client firms have been affected by the breach.
Although no official attribution has been made, Microsoft said it believed the criminals responsible are linked to the notorious Cl0p ransomware group, thought to be based in Russia. The company said the hackers responsible have used similar techniques in the past to steal data and extort victims.
The victims of the hack include private companies such as the BBC, Boots, British Airways and Aer Lingus, as well as public bodies such as the government of Nova Scotia, in Canada.
Companies affected were warned that their staff's personal data - including ID numbers, dates of birth, home addresses, national insurance numbers and, in some cases, bank details - may have been stolen. Currently, there are no reports of ransomware demands.
The news...