Press and media

Press statement on MOVEit Transfer data breach

Press statement on MOVEit Transfer data breach

A statement from Zellis (Updated September 14, 2023)

On May 31, 2023 Progress Software revealed a previously unknown (‘zero-day’) vulnerability in its MOVEit transfer software, in wide use among public and private sector organisations around the world. At that time, Zellis deployed MOVEit Transfer software to support bespoke processes with a small number of customers.

As soon as we became aware of this vulnerability we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team from our Managed Security Service Provider (MSSP) to assist with forensic analysis and monitoring.

Within hours, we determined that 8 customers suffered a data exfiltration, the malware having taken advantage of the vulnerability in MOVEit Transfer, and not through any of Zellis’ own software. We used another external specialist cyber forensics company to independently validate these findings, and further confirmed there was no ‘lateral movement’ by the malicious actor to any other areas of the business.

This confirmed, we immediately began communications to impacted customers with a clear and transparent explanation of the incident. In the days that followed, we further supported our customers in their outreach to impacted data subjects: offering information, helpdesk support and a term of free identity protection cover from Experian.

Finally, we made an early, voluntary submission to the ICO in the UK and DPC in Ireland, and provided timely follow ups to our submission. We are continuing to provide support to ongoing criminal investigations into the incident.

This process of rapid notification made Zellis one of the first companies to be publicly associated with the MOVEit vulnerability story. It is important to reiterate that all Zellis-developed software was completely unaffected by this incident and there was no interruption to our service to customers. We are grateful to the customers and stakeholders who have told us they appreciated the speed and transparency of our approach.

Neither Moorepay or Benefex were using the MOVEit tool, so these businesses were unimpacted by this incident.

ENDS

Other resources you may like

Zellis Group announces acquisition by Apax Funds
Zellis Group announces acquisition by Apax Funds

The Zellis Group today announces that funds advised by Apax Partners LLP, a leading global private equity advisory firm, have reached a definitive agreement to acquire it from Bain Capital, subject to regulatory approval.

View Post
Financial services employees welcome growth of AI and new technologies [research]
Financial services employees welcome growth of AI and new technologies [research]

Learning new technologies is a major motivator for many in banking and insurance. AI is largely welcomed, but there is evidence of a confidence and skills gap.

View Post
5 years of Zellis, 55+ years of payroll and HR expertise
5 years of Zellis, 55+ years of payroll and HR expertise

Charting the journey so far, and looking to an exciting future.

View Post

Get in touch with Zellis

To find out more about Zellis, or how we could help you with your payroll and HR challenges, get in touch with a member of our team today

Contact