Dublin Airport staff pay data ‘compromised’ by criminals

It’s an awkward Monday for Dublin Airport after pay and benefits details for some 2,000 staff were apparently “compromised” following a recent attack on professional service provider Aon.

Aon appears to be the latest victim of the massive supply chain attack sweeping the world via since-patched flaws in Progress Software’s massively popular MOVEit file transfer suite. The vendor fixed the third critical flaw in mid-June, a day after a proof-of-concept exploit for the hole emerged.

It’s not known if any of the Irish-headquartered group’s employee pay data has been publicly leaked, although we’ve asked the DAA Group, which manages Dublin Airport, among others, for more details. DAA confirmed to The Reg this morning that “as a result of a recent cyber-attack on Aon, a third-party professional service provider, data relating to some employees’ pay and benefits was compromised.”

Despite being publicly blamed by DAA, Aon does not appear to have made a public statement about the attack, and did not immediately respond to The Register‘s request for comment. It appears to have links to the MOVEit tool on an SFTP site on its domain aimed at clients and employees.

DAA was keen to emphasize that its own systems had not been exposed, and said it had notified the Irish Data Protection Commission and was “offering support, advice and assistance to employees impacted by this criminal cyber-attack.”

According to its website, among other services it offers, Aon compiles personalized total rewards statements for clients, breaking down what an employer has dished out to staffers for development, paid time off and other things not seen in their salary bottom line. The aim, it says, is “to communicate the value of your total reward in a personalized way.”

Dublin airport has come in for flak for failing to restaff in time for the post-pandemic travel rush – a situation mirrored in many of the world’s airports.

The management company itself held a jobs fair earlier this year, with one role advertised being a “drone-catcher,” for which there was apparently “a pressing need.”

According to the company’s website, it has around 3,000 employees and besides its management of Dublin and Cork airports in Ireland also looks after terminals in Saudi Arabia, and has an international airside retail business.

If you’re a MOVEit transfer customer and haven’t yet applied the patch, do so as soon as possible using the vendor’s KB article here.

Solar flare

Warning on SolarWinds-like supply-chain attacks: ‘They’re just getting bigger’

READ MORE

Supply chain attacks have been a growing threat since 2020’s Solar Winds incident and the Kaseya crisis that followed, with MOVEit and attacks via holes in comms software maker 3CX’s software the most prominent of late.

Worse still, MOVEit isn’t even Clop’s first merry-go-round in the file transfer software game. At the end of 2020 and in 2021, it exploited zero-day flaws in Accellion’s File Transfer Appliance, hitting up oil giant Shell, among others, in a wide-ranging supply chain sweep.

Speaking to The Reg earlier this year, Mandiant said the problem is only going to get worse and the industry needs to get its act together on securing software dependencies.

The UK’s National Cyber Security Centre also recently warned companies to think more carefully about contractors and third-party security, noting: “By far the greatest supply chain issue is a third party failing to adequately secure the systems that hold your sensitive data.” ®

READ MORE HERE