Energy Giant Shell Admits Data Breach is Linked to Accellion

Oil giant Shell disclosed a data breach last Tuesday, March 16, 2021, on its page, saying that it had been impacted by a third-party cybersecurity incident. According to the company, the attackers were able to compromise the file-sharing system used by Shell through Accellion’s File Transfer Application (FTA).

Royal Dutch Shell plc, otherwise simply known as Shell for short, is a renowned multinational firm of energy and petrochemical companies.

According to Bleeping Computer, the company operates in more than 70 countries and has over 86,000 employees under its name. The news site also states that Shell is also the fifth largest company around the world.

Shell Admits Data Breach is Linked to Accellion

After conducting an internal investigation surrounding the incident, the company found that an “unauthorized party gained access to various files during a limited window of time.” Among the compromised information include personal data from “shell companies and stakeholders.”

Despite this information, ZD Net reports that the company has failed to disclose how many clients or individuals have been affected by the data breach.

Following the incident, Shell reportedly notified the affected parties. In addition, the oil giant also took to securing the said vulnerabilities in its system together with a service provider and cybersecurity team.

Based on its findings in the investigation, the energy company found its IT systems secure and wholly separate from the data breach that impacted the file-sharing system. This is because the third-party File Transfer Application used from Accellion Is isolated from Shell’s main digital system.

Apart from securing its systems and conducting an investigation, the oil giant has also notified relevant authorities and regulators. The investigation is still on-going based on its press release regarding the incident.

In a statement, Shell said, “Cyber security and personal data privacy are important for Shell and we work continuously to improve our information risk management practices. We will continue to monitor our IT systems and improve our security. We regret the concern and inconvenience this may cause affected parties.”

Accellion has been embroiled in a data breach that dates back to December 2020 to January 2021. ZD Net states the file transfer application suffered from a zero-day vulnerability

The string of cybersecurity incidents affected around 50 or fewer customers on a major scale, while Bleeping Computer reveals a total of 300 customers may have been affected by the compromised software,

Among those affected by the flaw in its file transfer application include the likes of Australia’s corporate regulator and Kroger Co., reports Bloomberg. Qualys, the Reserve Bank of New Zealand, Singtel, and many other firms have come out since to disclose their relationship to the Accellion breach.