Energy giant Shell has suffered a data breach after attackers compromised the company’s Accellion’s File Transfer Appliance (FTA) file-sharing system. The company disclosed the news about the attack in a public statement published on the company’s website. Shell notified relevant data authorities and regulators.
Shell (short for Royal Dutch Shell plc) is a multinational group of petrochemical and energy companies and the fifth-largest company according to 2020 Fortune’s Global 500 rankings.
Shell said that the attack only affected the Accellion FTA application used to transfer large data files.
“Upon learning of the incident, Shell addressed the vulnerabilities with its service provider and cyber security team, and started an investigation to better understand the nature and extent of the incident,” Shell said in the statement.
The company says there is no impact on Shell’s core IT systems as the file transfer application is isolated from their digital infrastructure. But it confirmed attackers gained access to files transferred using Accellion software.
Shell also revealed that some of the data accessed during the attack belong to stakeholders and subsidiaries.
“Some contained personal data and others included data from Shell companies and some of their stakeholders,” the statement reads. “Shell is in contact with the impacted individuals and stakeholders and we are working with them to address possible risks.”
Shell assured its stakeholders cybersecurity and personal data privacy are important for the company and they work continuously to improve the company’s information risk management practices: “We will continue to monitor our IT systems and improve our security. We regret the concern and inconvenience this may cause affected parties.”
While Shell did not disclose the attackers’ identity, Accellion and Mandiant last month shed linked such attacks to the FIN11 cybercrime group and the Clop ransomware gang.
