Shell Tells Employees Hackers Got Their Data from MOVEit Attack

Oil & gas giant Shell has confirmed that hackers managed to steal employee information in last month’s cyber-incident involving the MOVEit file transfer tool.

In June, Clop ransomware operators took credit for compromising Shell’s IT network with a recently emerged vulnerability in MOVEit Transfer, a popular file transfer utility developed by Progress Software.

The energy giant at the time announced “a cyber security incident that has impacted a third-party tool from Progress called MOVEit Transfer, which is used by a small number of Shell employees and customers.”

A spokesperson later told media that there was “no evidence of impact to Shell’s core IT systems” and that the company was refusing to negotiate with the hackers.

Employees’ personal information compromised

Now, Shell has confirmed that hackers indeed were able to steal data from one of its subsidiaries.

“We are trying to contact you about a cyber security incident that has resulted in the disclosure of some of your personal information,” reads a notice posted to Shell’s website.

“Some personal information relating to employees of the BG Group has been accessed without authorization,” it reveals.

BG Group is a British multinational oil and gas company that Shell bought for $70 billion in April of 2015. According to Wikipedia, before the acquisition, BG Group had operations in 25 countries across six continents and produced around 680,000 barrels of oil equivalent per day.

‘Not a ransomware event’

The memo confirms that the MOVEit incident was the culprit, but stresses that “this was not a ransomware event.”

Shell’s notice includes a list of countries where it knows affected employees live, along with the toll-free numbers those people can use to reach Shell’s corporate offices for help.

“Please call us for more information on your situation by using one the toll-free numbers below or fill in the form below and a member of our team will get in touch,” the notice ends.

Unlike most companies in similar situations, though, Shell offered no apology in the notice.

The Clop ransomware operation has not only taken responsibility for the hack, but also leaked data allegedly stolen from Shell. It’s not clear whether Clop was able to deploy malware in the company’s IT network. However, for all intents and purposes, this was a ransomware attack, carried out on the well-established double-extortion model where the attackers steal company data and later threaten to leak it if ransom is not paid.

Employees likely to face phishing attacks

Since the attackers likely got some sensitive information, the company should give affected individuals free credit monitoring and anti-fraud packages – or at least a clear set of instructions on how to combat phishing scams leveraging their personal data.

Bitdefender Digital Identity Protection lets you instantly find out if your data has leaked online, what type of information was compromised, what risks you face, and whether your information is for sale on the dark web.

Bitdefender Identity Theft Protection covers damages and financial loss from identity theft, complete with identity theft restoration services, and insurance up to $2 million.