Shell, the multinational energy company, has revealed that it has fallen victim to a cybersecurity incident related to employees who previously worked with the BG Group in Australia before the merger.
This incident is the latest in a series of cyberattacks involving the MOVEit software tool, which is commonly used for the secure transfer of large volumes of sensitive data, including pension information and social security numbers, among others.
According to Shell, unauthorized access was made to certain personal information of the affected individuals. Although the accessed data dates back to 2013 and is considered historical, there remains a potential risk of identity theft and phishing campaigns targeting the impacted individuals.
The company has taken steps to inform those affected by the breach, but the exact number of individuals impacted has not been disclosed as of now. Reuters reached out to Shell for further clarification, but the company had not responded to the request at the time of reporting.
This incident is part of a growing trend of security breaches affecting corporate entities in Australia since late last year. These breaches prompted the government to implement cybersecurity rule reforms and establish an agency responsible for overseeing government investments in cybersecurity.
Hebe Chen, an analyst with IG Markets, noted that this latest incident underscores vulnerabilities in Australia’s corporate ecosystem. It not only highlights weaknesses in existing security measures but also raises questions about the effectiveness of the Australian government’s national cybersecurity strategy, Reuters news report said.
Shell completed its acquisition of BG Group Plc for $70 billion in 2016, expanding its portfolio to include multiple oil and gas projects in countries such as Brazil and Australia. The company’s response to this cybersecurity incident underscores the ongoing challenges posed by cyber threats to organizations across various sectors.