British Airways and retailer Boots said their staff were amongst those hit by a cyber attack on Zellis, a payroll provider used by hundreds of companies in Britain.
British Airways, owned by IAG, said it had notified affected employees and was providing them with support.
"We have been informed that we are one of the companies impacted by Zellis' cybersecurity incident, which occurred via one of their third-party suppliers called MOVEit," BA said in a statement.
Part of the Walgreens Boots Alliance, Boots said the attack had included some of its employees' personal details.
"Our provider assured us that immediate steps were taken to disable the server," Boots said.
Boots employs over 50,000 people in Britain, while British Airways has about 30,000 staff.
US security researchers warned on Thursday that hackers had stolen data from users of file transfer tool MOVEit Transfer, one day after the software creator disclosed that a security flaw had been discovered.
The compromised data includes names, addresses, and national insurance numbers, said the Daily Telegraph newspaper, which first reported on the companies affected by the breach.
More from Cybernews:
Subscribe yo our newsletter