Shell Has Reported a Data Breach That Has Affected Thousands of Customers Across Multiple Countries.
The Shell data breach has compromised the personal information of customers in Australia, the UK, France, India, Singapore, the Philippines, the Netherlands, Malaysia, and Canada.
Breach First Reported on Hacking Forum
The alleged data breach was first disclosed on the dark web forum “BreachForums” by a hacker using the name “888”.
According to the post, around 80,000 customer records were stolen from Shell databases.
Types of Data Stolen in Shell Data Breach
The stolen records were claimed to contain various types of sensitive personal details including:
- Customer codes
- Names
- Addresses
- Email addresses
- Phone numbers
- Login credentials
- Loyalty point balances
- Proof of Breach Published
As proof, 888 also published sample records of 10 Australians who had shopped at Shell Coles Express fuel stations, matching the fields listed as stolen.
Shell Breach Caused by Third Party: Unclear Which Partner Impacted
While Shell partners with Coles Express for petrol stations in Australia, Coles Express was sold to Viva Energy by Coles in May 2023. It remains unclear whose specific databases may have been breached.
No one has yet independently verified the breach details. Shell also did not acknowledge or comment on the alleged incident when contacted by reporters.
Previous Cyber Attack Targeted Shell in 2022
This is not the first time shell has experienced a cybersecurity incident. Shell has had a fair share of cyber attacks, having been one of many global companies impacted by the massive MOVEit supply chain ransomware incident in mid-2022. The Clop ransomware gang had exploited MOVEit software used by Shell.
If confirmed, this latest Shell data breach raises concerns for the thousands of customers who entrusted their personal information through fuel purchases and reward programs. Compromised login credentials and details could also enable fraud and identity theft.
Customers are urged to watch for any suspicious account activity and monitor statements from Shell as the company potentially looks into this alleged cybersecurity incident.
