A mass hack that is still ongoing has led to the warning that more than 100,000 people's personal information is in the hands of cybercriminals.
Among the businesses whose employees were impacted by the MoveIt data breach are the BBC, British Airways, Aer Lingus, and Boots.
As the extent of the breach is discovered, more organizations are anticipated to issue staff warnings.
What, however, can those affected by widespread hacks do?
The most urgent advice is directed at the organizations in the early phases of an attack like this.
Hackers don't want to pursue specific people because it would take too much time and they only care about getting paid.
Additionally, they'll probably send Bitcoin ransom demands via email to the compromised organizations.
"The important message to organizations right now is not to panic, to install the security patch, and not to pay the criminals," says Prof. Ciaran Martin, former director of the National Cyber Security Centre.
However, once an organization has been compromised, the hackers are in the lead.
Additionally, the extortion tactics used by the criminals suspected of being behind the MoveIt hack are well known for their brutality.
The hackers frequently ponder their extortion strategies before acting.
If you don't hear from them in the next few days, you're not out of the woods, warns Mandiant Intelligence senior manager Kimberly Goody. "In some prior incidents involving these criminals, victims weren't contacted until weeks after data was stolen.".
The group, which is believed to be based in Russia, will then email a business address and demand money in exchange for not posting the stolen data online, according to Mandiant research.
Mandiant experts claim that while most of these demands are in the seven- or eight-figure range, some have exceeded $35 million (£28 million).
Additionally, organizations are advised not to pay by law enforcement agencies worldwide because doing so encourages the expansion of these criminal gangs.
Individuals are advised not to panic instead of being wary.
If your business declines to pay the thieves, there's a good chance they'll try to sell the information to other hackers or publish it on the dark web.
However, there are a lot of steps in between there and you losing money.
"There really is an important message not to panic, as it's very unlikely that organizations have been storing data like full bank details which can directly lead to sort of financial harm," Prof. Martin said on BBC Radio 4's Today program.
Additionally, even though some companies, like British Airways, claim that some staff members' bank account information has been stolen, it was extremely unlikely that this would result in the draining of individual accounts.
According to experts, the risk comes from secondary attacks, in which hackers coerce victims into disclosing more information by using the information they already have.
The recommendation is to be on the lookout for ominous emails and phone calls, especially those that are related to the hack.
In a typical scam, a message claiming to be from the victim's company may ask them to log in and confirm their account because "fraudulent activity has taken place.".
Experts advise that you watch out for:.
- official-sounding messages about "missed deliveries," "resetting passwords," "getting paid," or "scanning devices.".
- Emails stuffed with "tech speak" that are meant to sound more convincing.
- being compelled to act quickly or within a short period of time.
As more businesses learn they have been hacked, the MoveIt breach is likely to get worse. However, experts say that prior hacks have resulted in little harm to individuals because the stolen data has been published in a remote area of the dark web.
