Royal Dutch Shell Becomes Latest Victim Of Accellion Data Breach

Posted on March 25, 2021 at 7:17 AM

Royal Dutch Shell Becomes Latest Victim Of Accellion Data Breach

A recent report revealed that Petrochemical giant, Royal Dutch Shell, was recently a victim of a high-profile data breach. The incident was in connection with the embattled cloud provider Accellion.

Last week, Shell announced that the data breach incident occurred via the use of Accellion’s secure file-transfer application (FTA), which it utilizes to transfer voluminous data files.

In December, the product was said to have several zero-day vulnerabilities, which were already being targeted by a group of threat actors. Several organizations have also reported cases of a data breach concerning the hacking activities on the Accellion network, with Shell becoming the latest victim.

It’s not clear what or who is the cause of the disastrous attack on the Accellion in December. But an insight into the breach is gradually uncovering. Researchers announced this week the responsible party behind the breach may have strong links with two notorious hacking groups.

Hackers took advantage of the FTA flaws

According to the energy giant, an unauthorized party took advantage of the FTA’s flaw to gain access to a lot of files at a short attack window.

The files include data from Shell companies, personal data, as well as data from its stakeholders.  However, the firm said the incident did not affect its networks.

After discovering the breach, Shell said it took quick action to address the vulnerabilities via its cybersecurity team and service provider. Investigation into the incident began immediately to find out the nature of the incident and how far it has gone.

Since the file transfer service is isolated from Shell’s core systems, the attack didn’t impact Shell’s core IT systems, the company stated.

It’s not yet clear how much data has been affected by the breach due to the vagueness of the alert. It’s also not clear how many people have been affected or what type of data may have been stolen. It’s not an encouraging sign for the oil giant. On the flip side, the hackers may not have succeeded in gaining access to any critical data, since there is still no evidence of any important data breach yet.

It’s not clear how many are affected

The only fear is the fact that most data breaches tend to become more serious beyond their initially reported figures. It’s not always possible for organizations to find out how badly they have been compromised immediately after the breach has been discovered. Investigations will show how far they have been screwed but results don’t always come out immediately.

That means Shell may not know the extent of the breach of its files until proper investigations have been carried out. And as investigations are ongoing, new victims of the breach are discovered on the way.

This is exactly what is happening with the Accellion breach, as some other organizations have reported a compromise of their data in connection with the same breach on Accellion.

A more worrying thing for the shell is the fact that most of the larger organizations affected by the breach have been badly affected. At the time of the Accellion attack, about 50 firms were still using FTA, and it has been reported that about half of them have suffered heavy data losses. However, the true impact and the number of companies impacted may not be known now. Already, the threat actors have started sending extortion emails to the victims of some of the breach

The level at which top organizations have been hit by the Accellion hack has been surprising, to say the least. Some of the worse affected companies include global law firm Jones Day, and the largest grocery chain n the U.S., Kroger. The impact of the attack was massive for these companies.

The breach could be very serious for Shell

The list of affected companies has even expanded to include Flagstar Bank, global cloud security provider Qualys, and Canadian aerospace manufacturer Bombardier. If Shell’s breach has a similar impact with others, the oil company could be in for a long hard time.

No one knows whether the list will keep growing. But the primary company Accellion has been slow to its patches on the vulnerabilities, as it was still issuing patches up until March. This means there is a high possibility that more companies may report breaches in connection to the Accellion attack.

Summary
Royal Dutch Shell Becomes Latest Victim Of Accellion Data Breach
Article Name
Royal Dutch Shell Becomes Latest Victim Of Accellion Data Breach
Description
A recent report revealed that Petrochemical giant, Royal Dutch Shell, was recently a victim of a high-profile data breach. The incident was in connection with the embattled cloud provider Accellion.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Aug 30, 2023
Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings
Aug 29, 2023
Compromised routers allowed online criminals to target Pentagon contract site
Koddos

Newsletter

Get the latest stories straight
into your inbox!

Popular Articles

Aug 30, 2023
Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings
Aug 29, 2023
Compromised routers allowed online criminals to target Pentagon contract site
Aug 28, 2023
1.2 million customers of Mom’s Meals were affected after the recent data breach
Aug 28, 2023
How VPNs Can Defend Against the Threat of Hacking
Aug 23, 2023
Terra Developers Shut Down Website Amid A Phishing Campaign

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading