Shell has confirmed that it, amongst a number of other organisations globally, was affected by the MOVEit Transfer cyber security attack on software from Progress earlier this year.  

The MOVEit software is currently used by a small number of companies within the Shell group of companies.

The MOVEit exploitation, which occurred on 27 May 27 2023, reportedly affected at least 122 organisations and exposed the data of roughly 15 million people.

Shell identified that some personal information relating to people who worked for the BG Group in Australia prior to the combination with Shell had been accessed without authorisation.

The data is from 2013 and although it is historic and some of it may be out of date, there is a risk to impacted individuals of identity theft and being targeted by phishing campaigns. The personal data that has been exposed includes names, dates of birth, TFN (tax file numbers), annual salary, BG employee personnel number, bank account details and home addresses – all as of 2013.

QGC Pty Ltd has notified the Office of the Australian Information Commissioner.

Shell notes that the main issue is to be aware of the possibility of identity theft and targeted email campaigns. In particular:

• Be alert and aware of suspicious emails, SMS or telephone calls requesting your personal information.
• Change your account passwords and never use the same passwords for different accounts.
• Alert financial institutions you have accounts with so they can implement additional monitoring and security protocols on your account.
• Closely monitor financial statements for unauthorised transactions.
• Contact the Australian Taxation Office (ATO) Client Identity Support Centre on 1800 467 033 to discuss the level of security safeguards that may need to be applied to your account.

To find further information on cyber safety go to www.cyber.gov.au/protect-yourself.