Shell Announces MOVEit Data Breach Involving Personal Information of BG Group Employees

Richard Console, Jr.
Console and Associates, P.C.
Contact
LinkedIn
Facebook
X
Send
Embed

Recently, Shell posted a notice on its website explaining that it is attempting to contact individuals about a recent cybersecurity incident in which their personal information was leaked. In this notice, entitled “Important information about MOVEit Transfer cyber security incident,” Shell explains that the incident resulted in an unauthorized party being able to access sensitive information belonging to employees of BG Group, a company Shell acquired in 2016. Shell posted this notice to inform all individuals who were affected by the recent data security incident.

If you received a data breach notification from Shell or otherwise have reason to believe your information was leaked, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the Shell data breach. For more information, please see our recent piece on the topic here.

What Caused the Breach That Affected Shell Employees?

The Shell data breach was only recently announced, and more information is expected in the near future. However, Shell’s recently posted notice provides some important information on what led up to the breach. According to this source, Shell experienced a cybersecurity event related to the company’s use of the MOVEit file transfer software. Shell goes on to briefly note that the company is trying to contact affected individuals to inform them of the incident. Shell also noted that it is currently investigating the incident but that, so far, the company’s investigation has confirmed that the MOVEit vulnerability resulted in information relating to BG Group employees being compromised.

MOVEit is a commonly used file transfer software developed by Progress Software. In late May 2023, Progress identified a zero-day vulnerability within MOVEit. This vulnerability allowed unauthorized actors to access information contained within the MOVEit software. And because this was a zero-day vulnerability, hackers were able to exploit it before Progress could create a patch to resolve the issue.

Note that because the incident only involves Shell’s use of the MOVEit software, there is no indication to believe that hackers were able to access Shell’s own IT network.

Based on Shell’s recent notice, it remains unclear if the company is going to send out data breach letters to those BG Group employees who were affected by the recent data security incident. However, employees should be notified if their information was leaked.

More Information About Shell

Founded in 1907, Shell is a multinational oil and gas company based out of London, England. Shell engages in a broad range of oil and gas-related activities, including locating and drilling crude oil and natural gas, liquifying natural gas, and refining and shipping crude oil. The company operates globally in 100 countries and territories around the world. Shell employs more than 102,000 people and generates approximately $381 billion in annual revenue.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.
Console and Associates, P.C.
Contact
more
less

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide