The gang is believed to have carried out cyberattacks on companies including BA and Boots, and gave victims a deadline to negotiate or have the hacked information posted online.
Clop, the suspected Russian group that claimed responsibility for the MOVEit software attack, posted a notice to victims on the dark web.
The personal data of more than 100,000 employees was accessed in the attack, including banking and contact details.
In a dark web blog post, Clop told victims to negotiate with the group via email by June 14, the BBC reported.
The BBC itself was affected by the attack, as was Aer Lingus.
More victims emerged, including the University of Rochester in New York. The government of Nova Scotia, Canada, also said it had been attacked.
Clop reportedly claimed it had deleted any data from government, city or police departments, saying: “Don’t worry, we deleted your data, you don’t need to contact us. We have no interest in making this information public.”
Payroll software company Zellis, which used MOVEit software to access the data of BA, BBC and Aer Lingus staff, said eight of its customers had been attacked but did not name them.
Other Zellis customers include Jaguar Land Rover, Harrods and Dyson.
Hundreds of companies using the popular MOVEit business software could be affected.
A weak link in MOVEit’s code — a so-called zero-day vulnerability — allowed hackers to access its servers and employees’ personal and financial data.
So far, the group’s motives are unclear. It claimed responsibility in an email to Reuters on Monday.
A spokesperson for MOVEit said: “Our customers have always been and will always be our top priority. When we discover a vulnerability, we immediately investigate, alert MOVEit customers to the issue and provide mitigation immediately.”
They added: “We continue to work with industry-leading cybersecurity experts to investigate this issue and ensure we take all appropriate responses. We have engaged with federal law enforcement and other agencies regarding this breach.”