Ironically, Shells security breach came at a convenient time- had Shell discovered the breach in April, a new set of rules (covered here and here) would have allowed the company to be charged fines of up to £500,000. However, even without the additional monetary cost, Shell lost something extremely valuable: the trust of its employees. Shell workers are much less likely to remain loyal to a company which isnt proactive about protecting its internal information.
A spokesperson for the ICO said: Shell has notified us of a security breach regarding a significant amount of peoples personal details. We are looking into how this data breach occurred and will decide what, if any regulatory action, is required. Shell if it is found guilty may escape lightly. Fines levied by the ICO for failing to protect against the loss of personal data tend to be under £5,000.