Most people have heard of oil company Shell, but we were surprised to learn the London-based company was the recent victim of a data breach in connection with the MOVEit ransomware attacks. We don't know all the details surrounding this breach, but it's likely that the attack will be harmful to Shell and potentially some of its customers or employees.
Shell hasn't released any information about what data was taken in the breach. We don't know if personal files or only company documents were taken. If personal information was compromised, Shell will have to disclose that and provide individual notices soon.
The C10p ransomware gang discovered a zero-day exploit for MOVEit, a file transfer tool used by major companies and government organizations. The exploit has enabled attackers to access databases connected to the file transfer tool in more than 130 companies in different parts of the world. The largest agencies and companies aren't safe from this attack, and it appears that more organizations will be victims of the attack in the future.
It's likely the breach impacted Shell in late May or June, like many of the other companies involved. Different companies are learning their data has been compromised at different times. Shell didn't release a statement about the breach until early July.
Shell will certainly be impacted by this data breach. The oil giant will have to rethink its security protocols and take steps to protect anyone that lost data in the breach. We don't know if Shell employees, customers, or any other individuals were harmed by this breach because Shell hasn't released data stating any personal information was lost in the breach. If personal data is lost, Shell will provide a statement and personal notices later.
We don't know how many files were taken from Shell. Most of the other 130+ companies exposed by this same breach had a huge number of files taken in the breach. We can assume the same is true for Shell.