Energy giant Shell has confirmed that personal information belonging to its employees has been compromised in a recent cyber attack. The Cl0p ransomware group exploited a zero-day vulnerability in the MOVEit managed file transfer (MFT) product, resulting in data theft from at least 130 organizations. The attack is estimated to have impacted around 15 million individuals. Shell was one of the first organizations named by the cybercrime gang after refusing to negotiate on their leak website.
In a statement, Shell acknowledged being targeted by the MOVEit hack and clarified that the MFT software was used by a small number of its employees and customers. The company confirmed unauthorized access to personal information related to employees of the BG Group, but the specific nature of the compromised data remains unknown. Affected individuals are being notified, and toll-free phone numbers have been provided for employees in various countries, indicating that the impact may extend to those regions.
Shell emphasized that this incident did not involve ransomware and that there is no evidence of any other IT systems being affected. The Cl0p group published files allegedly stolen from Shell, including 23 archive files labeled ‘part1’, hinting at the possibility of additional compromised data. However, the exact contents of these archives remain unclear. It’s worth noting that Shell had previously been targeted by the same cybercrime gang in 2020, resulting in the theft of personal and corporate data through a zero-day exploit.
Other prominent organizations, including Siemens Energy, Schneider Electric, UCLA, and EY, have also been named by the Cl0p group as victims of the recent MOVEit exploit. While some government organizations have admitted being affected, the cybercriminals claim to have deleted all data obtained from such entities. The investigation into the attack and the impact on individuals and organizations is ongoing.
