Recently, Shell posted a notice on its website explaining that it is attempting to contact individuals about a recent cybersecurity incident in which their personal information was leaked. In this notice, entitled “Important information about MOVEit Transfer cyber security incident,” Shell explains that the incident resulted in an unauthorized party being able to access sensitive information belonging to employees of BG Group, a company Shell acquired in 2016. Shell posted this notice to inform all individuals who were affected by the recent data security incident.
If you received a data breach notification from Shell or otherwise have reason to believe your information was leaked, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the Shell data breach. For more information, please see our recent piece on the topic here.
What Caused the Breach That Affected Shell Employees?
The Shell data breach was only recently announced, and more information is expected in the near future. However, Shell’s recently posted notice provides some important information on what led up to the breach. According to this source, Shell experienced a cybersecurity event related to the company’s use of the MOVEit file transfer software. Shell goes on to briefly note that the company is trying to contact affected individuals to inform them of the incident. Shell also noted that it is currently investigating the incident but that, so far, the company’s investigation has confirmed that the MOVEit vulnerability resulted in information relating to BG Group employees being compromised.
MOVEit is a commonly used file transfer software developed by Progress Software. In late May 2023, Progress identified a zero-day vulnerability within MOVEit. This vulnerability allowed unauthorized actors to access information contained within the MOVEit software. And because this was a zero-day vulnerability, hackers were able to exploit it before Progress could create a patch to resolve the issue.
Note that because the incident only involves Shell’s use of the MOVEit software, there is no indication to believe that hackers were able to access Shell’s own IT network.
Based on Shell’s recent notice, it remains unclear if the company is going to send out data breach letters to those BG Group employees who were affected by the recent data security incident. However, employees should be notified if their information was leaked.
More Information About Shell
Founded in 1907, Shell is a multinational oil and gas company based out of London, England. Shell engages in a broad range of oil and gas-related activities, including locating and drilling crude oil and natural gas, liquifying natural gas, and refining and shipping crude oil. The company operates globally in 100 countries and territories around the world. Shell employs more than 102,000 people and generates approximately $381 billion in annual revenue.