Oil and gas company Shell has confirmed that it was affected by the Clop ransomware attacks on the MOVEit file transfer tool. This marks the second time that Shell has been targeted by the Clop gang, which listed the multinational company on its extortion site.
Shell stated that its core IT systems remained unaffected, but investigations were ongoing. Other victims of the MOVEit breach include the BBC, British Airways, Aer Lingus, Boots, Ofcom, and Transport for London, with varying degrees of impact on their systems and data.
According to a spokesperson for Shell, the cyber security incident affected a third-party tool called MOVEit Transfer, used by a limited number of Shell employees and customers. However, there is no evidence of any impact on the company’s core IT systems.
Clop’s attacks on MOVEit have affected multiple organizations in the United Kingdom, compromising sensitive information and personal data. Ofcom, the BBC, British Airways, and Boots were potentially more exposed to the breach as the file transfer tool was used by a third-party payroll services supplier called Zellis.
Transport for London also confirmed being impacted by the incident, with up to 13,000 drivers’ personal data being stolen. Professional services firm EY was also affected, although it is unclear whether they were a Zellis customer or had direct use of MOVEit Transfer. Clop’s previous attacks targeted Accellion’s file transfer appliance and Fortra’s GoAnywhere file transfer product, exploiting vulnerabilities to extort sensitive data from numerous companies and organizations.
Progress, the developer of MOVEit, recently announced a second vulnerability in the software, leading to further breaches. Investigations and security measures continue to mitigate the impact of the attacks.
Additionally, oil and gas company Shell has confirmed that it was targeted by the Clop ransomware attacks on the MOVEit file transfer tool. While Shell’s core IT systems remained unaffected, investigations are ongoing. Other organizations, including the BBC, British Airways, Aer Lingus, Boots, Ofcom, and Transport for London, were also impacted by the MOVEit breach. The attacks compromised sensitive information and personal data, with some organizations being more exposed due to their use of a third-party payroll services supplier called Zellis. Clop has previously targeted other file transfer products and recently a second vulnerability in MOVEit was discovered, leading to further breaches. Efforts are being made to investigate and mitigate the impact of these attacks.
