British Airways and retailer Boots said their staff were amongst those hit by a cyber attack on Zellis, a payroll provider used by hundreds of companies in the UK.
British Airways, owned by IAG said it had notified affected employees and was providing them with support.
“We have been informed that we are one of the companies impacted by Zellis’ cybersecurity incident which occurred via one of their third-party suppliers called MOVEit,” BA said in a statement on Monday.
Part of the Walgreens Boots Alliance, Boots said the attack had included some of its employees’ personal details.
“Our provider assured us that immediate steps were taken to disable the server,” Boots said.
Boots employs over 50,000 people in Britain, while British Airways has about 30,000 staff.
US security researchers warned on Thursday hackers had stolen data from the systems of a number of users of file transfer tool MOVEit Transferone one day after the maker of the software disclosed that a security flaw had been discovered.
The compromised data includes names, addresses and national insurance numbers, said the Daily Telegraph newspaper, which first reported which companies had been affected by the breach.