Shell is the global group of energy and petrochemical companies with more than 80,000 employees in more than 70 countries. They use advanced technologies and take an innovative approach to help build a sustainable energy future.
It is also the fifth-largest company in the works based on its 2020 revenue results according to Fortune’s Global 500 rankings.
Shell has been impacted by a data security incident involving Accellion’s File Transfer Appliance. Shell uses this appliance to securely transfer large data files.
Investigation on the Data Breach
The company started an investigation to better understand the nature and extent of the incident. There is no evidence of any impact on Shell’s core IT systems as the file transfer service is isolated from the rest of Shell’s digital infrastructure.
“Upon learning of the incident, Shell addressed the vulnerabilities with its service provider and cybersecurity team and started an investigation to better understand the nature and extent of the incident.“- Shell
The investigation is ongoing and has shown that an unauthorized party gained access to various files during a limited window of time. Some contained personal data and others included data from Shell companies and some of their stakeholders.
Shell is in contact with the impacted individuals and stakeholders and they are working with them to address possible risks.
The company has been in contact with relevant regulators and authorities and will continue to do so as the investigation continues.
“Cybersecurity and personal data privacy are important for Shell and we work continuously to improve our information risk management practices. We will continue to monitor our IT systems and improve our security. We regret the concern and inconvenience this may cause affected parties.”, Shell said.
Clop ransomware gang and FIN11 behind series of Accellion Hacks
Though the attackers’ identity was not revealed in Shell’s statement, a joint statement published by Accellion and Mandiant last month shed more light on the attacks, linking them to the FIN11 cybercrime group.
The Clop ransomware gang has also been using an Accellion FTA zero-day vulnerability (disclosed in mid-December 2020) to compromise and steal data from multiple companies.
Accellion said that 300 customers used the 20-year-old legacy FTA software, with less than 100 of them being breached by the Clop ransomware gang and FIN11, the cybercrime groups behind these attacks. Less than 25 victims appear “to have suffered significant data theft,” according to Accellion.