cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Aussies affected in alleged Shell fuel data breach

Major oil and gas multinational Shell has reportedly suffered a data breach affecting almost a dozen countries.

user icon Daniel Croft
Thu, 30 May 2024
Aussies affected in alleged Shell fuel data breach
expand image

The company was listed on the infamous BreachForums by a threat actor called “888”, who claimed to have uploaded 80,000 rows of data belonging to customers in Australia, the UK, France, India, Singapore, the Philippines, the Netherlands, Malaysia, and Canada.

In Australia, Shell is partnered with Coles Express for the retail side of its petrol stations. Coles Express was sold by Coles to Viva Energy in May 2023.

According to the listing, data includes:

  • Shopper code
  • First name
  • Last name
  • Status
  • Shopper email
  • Mobile contact
  • Postcode
  • Suburb
  • State
  • Site Address
  • Country
  • Site name
  • Last login
  • Pay and association number
  • Nectar

Based on the data listed, the database seems to show details of a customer loyalty program. Nectar is a loyalty program that can be used with a wide variety of businesses; however, Shell is not one of them.

The threat actor, 888, posted a sample of the allegedly stolen data, with the details of 10 individuals, all of whom are Australians shopping at Shell Coles Express locations.

Despite the data appearing authentic, the data has not been verified by Cyber Daily or other media or cyber security organisations publicly.

Cyber Daily has reached out to Shell for comment on the incident.

Shell suffered a data breach midway through last year as part of the MOVEit supply chain attack.

“A cyber security incident that has impacted a third-party software from Progress called MOVEit Transfer, which was running on a Shell IT platform,” the Shell notice said. “MOVEit Transfer is used by a small number of Shell employees and customers.”

“This was not a ransomware event,” Shell said. “There is no evidence of impact to any other Shell IT systems. Our IT teams are investigating.”

“Some personal information relating to employees of the BG Group has been accessed without authorisation.”

Despite the company claiming it was not a ransomware event, the attack was claimed by the Clop ransomware gang, which exploited a vulnerability in MOVEit in May. The hack affected a mess of major companies, including Medibank and PwC here in Australia, Siemens Energy, British Airways, and the US Department of Health.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.