Royal Dutch Shell Plc  .com Rotating Header Image

Personal Information of Employees Stolen in ANOTHER Cyberattack on Shell

Posting by JOHN DONOVAN: July 7, 2023

In yet another astonishing turn of events, the notorious energy giant Shell has confirmed that personal information belonging to its employees has been “allegedly” stolen. Oh, Shell, always keeping us on our toes with your impeccable cybersecurity practices.

The Cl0p ransomware group, known for their philanthropic efforts in exploiting vulnerabilities, seized the opportunity to exploit a zero-day vulnerability in the MOVEit managed file transfer (MFT) product. And who better to grace their victim list than Shell? It’s an honor Shell should be proud of, as they join the elite club of at least 130 organizations impacted by this cyberattack. A staggering 15 million individuals are believed to be affected, but hey, who’s counting?

Of course, the Russia-linked cybercrime gang had to make an example out of Shell by naming them on their leak website. After all, Shell had the audacity to refuse negotiations with these fine cybercriminals. How dare they prioritize their own interests over the demands of hackers?

In a characteristically brief statement, Shell admitted to being hit by the MOVEit hack, conveniently clarifying that the MFT software was only “used by a small number of Shell employees and customers.” Phew, crisis averted! It’s not like the personal information of those “small number” of employees matters, right?

While the exact details of the compromised information remain unclear, Shell has kindly reassured the impacted individuals that they will be notified. Toll-free phone numbers have been generously provided for affected employees, allowing them to seek additional information. It’s heartwarming to see Shell going above and beyond to assist their employees, even if it’s after the fact.

Shell made sure to emphasize that this was not a ransomware event, as if that somehow mitigates the severity of the breach. How considerate of them to point out that file-encrypting malware wasn’t deployed. Because, you know, having personal information stolen is so much better when it’s not accompanied by ransom demands.

In a stunning display of déjà vu, Shell had the honor of being targeted by the Cl0p group in 2020 as well, via a zero-day exploit targeting an Accellion file transfer service. Back then, the hackers had the audacity to steal personal and corporate data. But hey, lightning does strike twice, doesn’t it?

It is relevant to recall that Shell was also hit by a massive data breach in 2010 and apparently did not take the necessary steps to prevent another attack.

As always, Shell is welcome to exercise its right of reply and correct any factual inaccuracies. We eagerly anticipate their comments and hope they find a way to downplay this incident and continue their legacy of putting profits above all else.

shellplc.website and its sister non-profit websites royaldutchshellplc.com, royaldutchshellgroup.com, shellenergy.website, shellnazihistory.com, royaldutchshell.website, johndonovan.website, shellnews.net and shell2004.com are owned by John Donovan. There is also a Wikipedia feature.

Comments are closed.

Comment Rules

  • Please show respect to the opinions of others no matter how seemingly far-fetched.
  • Abusive, foul language, and/or divisive comments may be deleted without notice.
  • Each blog member is allowed limited comments, as displayed above the comment box.
  • Comments must be limited to the number of words displayed above the comment box.
  • Please limit one comment after any comment posted per post.

%d bloggers like this: