Oil Giant Shell Data Breached, Data of Thousands Leaked on BreachForums

Types of Data Stolen in Shell Data Breach

The stolen records were claimed to contain various types of sensitive personal details including:

• Customer codes
• Names
• Addresses
• Email addresses
• Phone numbers
• Login credentials
• Loyalty point balances
• Proof of Breach Published

As proof, 888 also published sample records of 10 Australians who had shopped at Shell Coles Express fuel stations, matching the fields listed as stolen.

Shell Breach Caused by Third Party: Unclear Which Partner Impacted

While Shell partners with Coles Express for petrol stations in Australia, Coles Express was sold to Viva Energy by Coles in May 2023. It remains unclear whose specific databases may have been breached.

No one has yet independently verified the breach details. Shell also did not acknowledge or comment on the alleged incident when contacted by reporters.

Previous Cyber Attack Targeted Shell in 2022

This is not the first time shell has experienced a cybersecurity incident. Shell has had a fair share of cyber attacks, having been one of many global companies impacted by the massive MOVEit supply chain ransomware incident in mid-2022. The Clop ransomware gang had exploited MOVEit software used by Shell.

If confirmed, this latest Shell data breach raises concerns for the thousands of customers who entrusted their personal information through fuel purchases and reward programs. Compromised login credentials and details could also enable fraud and identity theft.

Customers are urged to watch for any suspicious account activity and monitor statements from Shell as the company potentially looks into this alleged cybersecurity incident.