A growing number of businesses, including the BBC, British Airways, Boots, and Aer Lingus, are being impacted by hackers thought to be from Russia.
Staff have been warned that personal information, such as social security numbers and, in some cases, bank account information, may have been stolen.
To access numerous businesses at once, the cybercriminals broke into a well-known piece of software.
There have been no reports of money being taken or ransom demands being made.
The hack was first made public last week, when US company Progress Software revealed that hackers had discovered a way to access its MOVEit Transfer tool.
The majority of users are in the US, but the software is well-liked throughout the world.
The US Cybersecurity and Infrastructure Security Agency has issued a warning telling businesses that use MOVEit to download security patches in order to prevent further breaches.
Kevin Beaumont, a security researcher, claimed that internet scans revealed that thousands of company databases may still be exposed because affected businesses have failed to implement the fix.
Early indications show that numerous well-known organizations may be impacted, he said.
One of the businesses impacted in the UK is Zellis, a provider of payroll services, which reported that data from eight of its clients had been stolen.
Although Zellis wouldn't give names, organizations are independently warning employees.
The BBC informed its staff via email that the stolen data included staff ID numbers, dates of birth, residential addresses, and national insurance numbers.
British Airways employees have been warned that some of their bank information may have been stolen.
The National Cyber Security Centre of the UK stated that it was keeping an eye on the situation and urged businesses using MOVEit to implement security updates.
Experts predicted that instead of extorting individuals, cybercriminals would likely try to blackmail businesses.
Although no public ransom demands have been made as of yet, it is anticipated that cybercriminals will start emailing impacted organizations to demand a payment.
They'll probably threaten to release the data online for other hackers to browse.
Victim organizations caution staff to be alert for any suspicious emails that could result in additional cyberattacks.
Microsoft asserted that, despite the lack of an official accusation, it thinks the perpetrators are connected to the infamous Cl0p ransomware group, which is thought to have its base of operations in Russia.
The US tech giant claimed in a blog post that it was attributing the attacks to Lace Tempest, a ransomware operator that runs the Clop extortion website where victim data is published. The business claimed that the hackers responsible have previously used comparable methods to extort victims and steal data.
According to cyber security expert John Shier of the company Sophos, "this most recent round of attacks is yet another reminder of the importance of supply chain security."
"Even though Cl0p has been associated with this active exploitation, it is likely that other threat groups are prepared to exploit this vulnerability as well."