Ofcom has warned that confidential data on some of the companies has been compromised in a cyber-attack related to the MOVEit file transfer software.
In a statement, the media regulator said personal data relating to 412 employees was also downloaded in the attack.
Over the last week several UK companies using MOVEit had personal data relating to their employees stolen. They include the BBC, British Airways and Boots the Chemist.
“The security of commercially confidential and sensitive personal information provided to Ofcom is taken extremely seriously,” said Ofcom.
“We took immediate action to prevent further use of the MOVEit service and to implement the recommended security measures. We also swiftly alerted all affected Ofcom-regulated companies, and we continue to offer support and assistance to our colleagues.”
According to the National Cyber Security Centre, criminals have exploited a vulnerability in Progress Software’s MOVEit file transfer app, which is used by thousands of organisations around the world.
Payroll services provider Zellis have suffered a data breach as a result, leading to the loss of data at the BBC, British Airways, Boots and five other customers.
The NCSC says it is working with Zellis to understand and respond to this incident.
MOVEit says that when it discovered the vulnerability, it promptly launched an investigation, alerted MOVEit customers of the issue and provided immediate mitigation.
No Ofcom systems were compromised during the attack.
