Shell, the multinational oil and gas company, has confirmed that it is the victim of a MOVEit hack, revealing that personal information regarding its employees was compromised.
According to a July 5 statement: "A cybersecurity incident has impacted a third-party software from Progress called MOVEit Transfer, which was running on a Shell IT platform. MOVEit Transfer is used by a small number of Shell employees and customers. This was not a ransomware event. There is no evidence of impact to any other Shell IT systems. Our IT teams are investigating. Some personal information relating to employees of the BG Group has been accessed without authorization."
Shell has not specified what kind of personal information was compromised, and it confirmed the hack only after the Cl0p cybergang published the data it allegedly stole from the company because Shell refused to negotiate.
The Cl0p ransomware group has used the MOVEit managed file transfer (MFT) to steal data from hundreds of organizations, and millions have been affected by the group's actions, including at US federal government agencies.