British Airways staff have been caught up in a cyber attack affecting their bank details, salaries and personal data.
The airline wrote to all of its UK employees on Monday, June 5, to inform them that payroll company Zellis had been hit by a data breach.
Hackers are understood to have taken advantage of a flaw in a tool used by Zellis, which serves BA and many other major businesses.
Around 34,000 of the airline’s staff have been contacted, with affected data including sort codes, account numbers, salaries, national insurance numbers and contact details.
A BA spokesperson said: “We have been informed that we are one of the companies impacted by Zellis’ cybersecurity incident which occurred via one of their third-party suppliers called MOVEit.
“Zellis provides payroll support services to hundreds of companies in the UK, of which we are one. This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool.
“We have notified those colleagues whose personal information has been compromised to provide support and advice.”
A spokesperson for the Information Commissioner’s Office confirmed that BA and Zellis had been in touch, with the ICO now “assessing the information provided”.
Travel Weekly has contacted Zellis for comment.