Dublin Airport staff pay details stolen by hackers after MOVEit attack at third-party provider

Staff at Dublin Airport have been warned that their personal data has fallen into the hands of hackers, following a data breach at a third-party service provider.

Some 2000 employees of DAA, the operator of Dublin airport, have had their pay and benefit details stolen after cybercriminals exploited a vulnerability in the MOVEit - a file-transfer tool used by many businesses to transfer files.

It was DAA's misfortune to be a client of one such company using MOVEit - Aon, a multinational professional services and management consulting firm.

As The Sunday Times reports, Aon is contracted by DAA to compile and print personalised total rewards statements to some employees.

The DAA says that it has informed Ireland's Data Protection Commission.

Ironically, one of the services that Aon offers to companies is assistance with data breaches.

The harsh reality is that any organisation can suffer a security breach, and if a company is reliant upon third-party service providers there is often a risk that a cybersecurity incident at the supplier could result in sensitive information ending up in criminal hands.

DAA says that it is "offering support, advice and assistance to employees impacted by this criminal cyber-attack."

Last month the US State Department offered a $10 million reward for any information which would link members of the Cl0p ransomware gang to a foreign government.

The offer came shortly after news of the MOVEit flaw first became public, with the Cl0p cybercrime gang threatening to release stolen information if ransoms were not paid.

Victims of MOVEit hacks have reportedly included the BBC, Aer Lingus, British Airways, and UK highstreet pharmacy Boots, amongst others.

Cybercriminals are launching supply-chain attacks against third-party suppliers and service providers time and time again. It's no surprise that such breaches are increasingly making headlines due to the potential for many victims and hefty ransoms demanded by attackers.