British Airways and Boots told thousands of staff members that their personal information may have been compromised by a cyberattack on the businesses’ payroll provider, Zellis.
At British Airways, the hack led to the disclosure of employees’ personal information, including names, surnames, dates of birth as well as potentially banking details, according to a spokesperson for BA, which employs around 35,000 people.
Drugstore chain Boots, with more than 50,000 workers, said employees’ personal details were affected. The server was disabled and staff have been made aware, said a spokeperson for Boots, owned by US drugstore chain Walgreens Boots Alliance Inc.
The data theft adds to a string of technology glitches afflicting British Airways. Last month, a computer outage forced IAG SA’s flagship carrier to cancel hundreds of flights. Group Chief Executive Officer Luis Gallego said earlier Monday that IAG’s tech issues are fixable “but it’s going to take time.”
Read more: British Airways IT Outage Leads to More Canceled Flights
IAG is investing huge amounts in its tech infrastructure, Gallego said at the annual International Air Transport Association general meeting in Istanbul.
The most recent incident occurred through the file transfer tool of one of Zellis’s third-party suppliers, called MOVEit.
“Our data protection team is working closely with IAG’s Group Security Operations Centre to ensure the containment of the issue and to mitigate any misuse of information,” the airline said.
The Telegraph reported the information earlier.
--With assistance from Siddharth Philip.
(Updates with Boots from throughout)