
Ofcom falls victim to supply-chain cyberattack

Ofcom has confirmed confidential data about some companies it regulates, as well as personal information about 412 employees, was downloaded during a cyberattack.

The mass hack occurred when MOVEit, software that is designed to move sensitive files, was breached by hackers.

In late May, security researchers from Huntress Security discovered a critical vulnerability in MOVEit software that could allow unauthorised access to users’ systems. Then in early June, the researchers were made aware of active exploitation attempts against the file transfer application.

The scale of the MOVEit cyberattack is not yet clear.

An Ofcom spokesperson said: “A limited amount of information about certain companies we regulate – some of it confidential – along with personal data of 412 Ofcom employees, was downloaded during the attack.

“The security of commercially confidential and sensitive personal information provided to Ofcom is taken extremely seriously. We took immediate action to prevent further use of the MOVEit service and to implement the recommended security measures. We also swiftly alerted all affected Ofcom-regulated companies, and we continue to offer support and assistance to our colleagues.”

The regulator added that none of its own systems were compromised during the attack, with no payroll data breached.

The hack has affected Ofcom employees who recently changed their benefits or who were new joiners. Ofcom has referred the breach to the Information Commissioner's Office (ICO).