The notorious hacker group 888 has claimed responsibility for a Shell data breach targeting the British multinational oil and gas company. According to their claims, approximately 80,000 individuals could be affected by this breach across several countries, including the United States, United Kingdom, Australia, France, India, Singapore, the Philippines, the Netherlands, Malaysia, and Canada.
The compromised data, shared by the threat actor on a hacking forum, includes a range of sensitive information related to Australian users. The sample data contained information about shopper codes, first and last names, email addresses, contact mobile numbers, postcodes, Nectar information, site addresses, and transaction details.
Notably, these transactions appear to be associated with Reddy Express (Formerly Coles Express) locations in Australia. However, Shell confirmed with TCE that the investigation disproves allegations of data breach; incident traced to vendor’s third-party platform, not Shell systems; vendor initiating notifications.
An Alleged Claim of Shell Data Breach Surfaces
The claims of this Shell data leak were shared on a popular hacking forum by the user Kingpin and shared glimpses into sample data allegedly related to the organization. The Cyber Express has reached out to the oil and gas company to learn more about this Shell data breach and the authenticity of the hackers over the claimed data.
In response, Shell stated that they were aware of the allegation of a cyberattack and have concluded its investigation about the alleged breach. A spokesperson for Shell said the the investigation “shows that the data in question did not come from a Shell system nor was Shell-held customer data exposed”.
Explaining the full-extent of the breach, Shell denoted that a vendor, who provides “Shell globally with anonymous mystery shopping services, had a cybersecurity incident. The vendor used a third-party platform to store data related to its contractors (the ‘mystery shoppers’) and this data was exposed through this third-party platform. The vendor has confirmed they have begun the process of notifying impacted individuals and regulatory bodies.”
The spokesperson concluded the statement by adding that “Shell is not the owner nor controller of the acquired data, and so we are not able to comment further on this incident. We take cybersecurity very seriously, and we will continue to monitor our IT systems and maintain our security posture”.
Talking about the cyberattack on Shell, the hacker Kingpin states that the organization suffered a data breach in May 2024 and this data breach allegedly contained “Shopper Code, First Name, Last Name, Status, Shopper Email, Contact Mobile, Postcode, Nectar, Suburb, State, Site Address, Suburb 1, Country, Site Name, Last Login, Pay and Association Number”.
A Similar Incident from the Past
This purported breach is not the first time Shell has been targeted by cyberattacks. In the past, the company has faced similar security incidents, including a ransomware attack and a data security incident involving Accellion’s File Transfer Appliance. These incidents highlight the persistent threat posed by cybercriminals to organizations, particularly those in the energy sector.
In response to previous incidents, Shell had emphasized its commitment to cybersecurity and data privacy. The company has initiated investigations into the recent breaches and is working to address any potential risks to affected individuals and stakeholders.
Additionally, Shell had previously contacted relevant regulators and authorities to ensure compliance with data protection regulations and to mitigate the impact of the previous breach.
The current Shell data leak is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on this alleged Shell data breach or any official confirmation from the organization.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
