Shell Becomes Latest Cl0p MOVEit Victim

In another MOVEit attack, oil and gas giant Shell saw the release of the private information of its employees.

Dark Reading Staff, Dark Reading

July 6, 2023

1 Min Read
Shell gas station logo
Source: Ashley Cooper pics via Alamy Stock Photo

Shell, the multinational oil and gas company, has confirmed that it is the victim of a MOVEit hack, revealing that personal information regarding its employees was compromised.

According to a July 5 statement: "A cybersecurity incident has impacted a third-party software from Progress called MOVEit Transfer, which was running on a Shell IT platform. MOVEit Transfer is used by a small number of Shell employees and customers. This was not a ransomware event. There is no evidence of impact to any other Shell IT systems. Our IT teams are investigating. Some personal information relating to employees of the BG Group has been accessed without authorization."

Shell has not specified what kind of personal information was compromised, and it confirmed the hack only after the Cl0p cybergang published the data it allegedly stole from the company because Shell refused to negotiate.

The Cl0p ransomware group has used the MOVEit managed file transfer (MFT) to steal data from hundreds of organizations, and millions have been affected by the group's actions, including at US federal government agencies.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights