Chemist + Druggist is part of Pharma Intelligence UK Limited

This is operated by Pharma Intelligence UK Limited, a company registered in England and Wales with company number 13787459 whose registered office is 5 Howick Place, London SW1P 1WG. The Pharma Intelligence group is owned by Caerus Topco S.à r.l. and all copyright resides with the group.


This copy is for your personal, non-commercial use. Please do not redistribute without permission.

Printed By

UsernamePublicRestriction

UPDATED: Boots hit by ‘global data vulnerability’ affecting staff members’ personal data

Boots has been hit by a “global data vulnerability” that included the personal details of some of its staff, it has confirmed.

The multiple told C+D today (June 6) that the incident “affected a third-party software” called MOVEit, used by one of the multiple’s payroll providers, Zellis.

 

The “global data vulnerability” included some of the multiple’s “team members’ personal details”, a Boots spokesperson said.

 

“Our provider assured us that immediate steps were taken to disable the server, and as a priority we have made our team members aware,” they added.

 

Read more: Lloydspharmacy vows to take action after media reports of customer data breach

 

They stressed that the issue is affecting many companies globally.

 

It remains unclear how many team members were affected and whether it affected all Boots branches including both corporate and pharmacy staff – as well as what personal data was exposed.

 

Boots also did not clarify when the incident happened, when the multiple became aware of it and when it was rectified.

 

 

Cyber attack?

 

 

A statement published by MOVEit on May 31, last updated yesterday (June 5), said that a “critical vulnerability” identified in the software “could allow an unauthenticated attacker to gain access to MOVEit Transfer's database”.

 

It has been reported that a cyber attack on the data may have originated in Russia.

 

Read more: Revealed: Almost 50 data breaches involving pharmacies in 16 months

But payroll provider Zellis stressed that so far, investigations have not found any evidence of any information being released publicly or being used illegally.

 

 

“Ongoing monitoring”

 

 

A spokesperson for Zellis confirmed to C+D today that “a large number of companies” worldwide were “affected by a zero-day vulnerability” in MOVEit, which is owned by Progress Software.

 

Zellis is “actively working to support” the “small number” of its own customers that were impacted by the “global issue”, they said.

 

Read more: What you need to know about new patient data safety recommendations

The payroll provider took “immediate action” once it became aware of the incident, “disconnecting the server” that uses MOVEit software and “engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring”, they added.

 

Zellis also notified the Information Commissioner’s Office (ICO), Data Protection Commission (DPC) and the National Cyber Security Centre (NCSC) in the UK and Ireland, the spokesperson said.

 

 

“Robust security processes”

 

 

“We employ robust security processes across all of our services and they all continue to run as normal,” they told C+D.

 

All Zellis-owned software is “unaffected” and there are “no associated incidents or compromises to any other part” of its IT estate”, they stressed.

 

It comes as Lloydspharmacy launched an investigation in April following claims in the media that it shared customer data with TikTok and Facebook for targeted advertising.

Related Content

Topics

         
Pharmacist Manager
Barnsley
£30 per hour

Apply Now
Latest News & Analysis
See All
UsernamePublicRestriction

Register

CD137059

Ask The Analyst

Please Note: You can also Click below Link for Ask the Analyst
Ask The Analyst

Thank you for submitting your question. We will respond to you within 2 business days. my@email.address.

All fields are required.

Please make sure all fields are completed.

Please make sure you have filled out all fields

Please make sure you have filled out all fields

Please enter a valid e-mail address

Please enter a valid Phone Number

Ask your question to our analysts

Cancel