The hackers who stole personal data from Boots have issued an ultimatum to the business on the dark web.
The Russian cyber crime gang Clop has issued a note telling affected firms, including the BBC, to email them before 14 June or they will publish the stolen data.
The gang is urging for negotiations to take place on its darknet portal.
The BBC posted part of the note, which is written in broken English.
"This is announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of exceptional exploit,” it read.
Companies have been advised not to contact the hackers.
The UK health and beauty retailer is among thousands of firms whose employee data was compromised, including names, addresses, bank details and national insurance numbers.
Zellis, a third-party payroll provider used by the organisations affected, was the target of the cyber attack.
Hackers are said to have exploited a backdoor in MOVEit, the software used by Zellis to transfer files.
The hack has been attributed to a Russian-linked criminal gang, reported The Telegraph.
Boots, which employs more than 50,000 people in Britain, emailed its staff about the data breach.
“A global data vulnerability, which affected a third-party software used by one of our payroll providers, included some of our team members’ personal details,” said a Boots spokesperson in a statement.
“Our provider assured us that immediate steps were taken to disable the server, and as a priority, we have made our team members aware.”
Zellis said “a small number” of its customers have been impacted by the MOVEit transfer data breach.
“Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring,” read Zellis’ statement.
“We have also notified the Information Commissioner’s Office (ICO), Data Protection Commission (DPC), and the National Cyber Security Centre (NCSC) in both the UK and Ireland.
“We employ robust security processes across all of our services and they all continue to run as normal.”
The NCSC is working to “fully understand the UK impact” and urged companies that use the software to take immediate action.
This includes “following vendor best practice advice and applying the recommended security updates,” it added.
Businesses such as British Airways and Aer Lingus are also victims of the hack.
Cosmetics Business has reached out to Boots for comment.