This week, Shell reported a cybersecurity incident involving potentially thousands of employees at BG Group in Australia. The incident is linked to the MOVEit hack, which has affected over a thousand businesses and millions of people globally. MOVEit is a software tool commonly used for transferring large volumes of sensitive data, including pension and social security information.
The vulnerability, unresolved since May 2023, has breached small businesses and large ones alike with massive organizations like Deloitte, the BBC, the Nova Scotia government, and Colorado State University becoming victims.
Shell disclosed that unauthorized access occurred, leading to the exposure of personal information of many individuals. The breached data goes back to 2013, posing a serious risk of highly targeted phishing campaigns and identity theft. The company began notifying employees in early July but has not revealed how many people were affected.
Clop, a financially motivated hacking group, is the perpetrator behind the MOVEit attacks, which has compromised the personal data of more than 40 million people. In July, Clop was responsible for a staggering one-third of all ransomware attacks, making them the most prolific ransomware threat actor this past summer.
American-based government contractor Maximus One reported one of the most severe breaches linked to the MOVEit compromise. This breach exposed the personally identifiable information of up to 11 million individuals, including data from over 600,000 Medicare beneficiaries.
Shell’s incident is part of a broader trend of cyberattacks that have prompted the Australian leaders to reform its cybersecurity regulations by establishing an agency to oversee government investments in this critical area.
Cybersecurity threats are only becoming more commonplace and dangerous. Businesses of all sizes need to be prepared for these events when they happen. To discover your organizations’ threat level, take our cybersecurity self-assessment.