Shell hit by massive data breach
Green hackers or angry ex-staff?
Posted in Management, 15th February 2010 09:20 GMT
Shell has been hit by a massive data breach - the contact database for 176,000 staff and contractors at the firm has been copied and forwarded to lobbyists and activists opposed to the company.
John Donovan, an activist who received the database, said he had voluntarily destroyed the files. But he warned that other copies were available online.
The email supposedly comes from 176 "concerned staff" to highlight Shell's activities in Nigeria. The database is about six months old and could have been released by a recently laid-off staff member, or there could really be a rogue campaign group within Shell.
Richard Wiseman, chief ethics and compliance officer at Royal Dutch Shell, wrote to staff last week after the breach emerged.
He said: "The Global Address List, containing contact information of everyone in Shell and some contractors, joint ventures and other third parties, has been downloaded without authorisation and distributed to some external parties. We do not know who did this. We are investigating and are raising this theft of information with the relevant data protection authorities."
The company played down the security implications of the loss - it is phone and email details rather than real-world addresses.
But if hackers have got access to Shell's systems then they might have more mischief planned.
The Information Commissioner's Office has launched a consultation on its new auditing powers, due to come into effect in April 2010. The powers will allow the ICO to investigate organisations which it believes are failing to properly protect private data. ®
COMMENTS
Preacher
Preaching to the converted on this forum aren't we? Or just banging your own drum?
More than likely an inside job, how many people do you think have read access to a corporate Outlook directory? Should they? Do you really think any of the measures you bleat on about will have any effect other than breaking communication links within the corporate body?
Jeez, time to re-learn intranet security 101 methinks.
Inside job
Sounds like a disgruntled worker swiped the company GAL and distributed it.
I would have expected an external attack would have done a lot more damage.
Dumb
Sounds like some idiot inside Shell downloaded the Outlook address book.
Idiots.
Shell have invested a lot of money in Nigeria and have directly contributed to the construction of roads, schools, education programmes for children and adults, and direct employment of huge numbers of local staff. The list goes on.
If people are unhappy about what is happening in Nigeria, they should look to the corrupt cabal that runs the country, not Shell, or any of the other oil companies (ENI etc) that are there.
I feel sorry for Shell on this one. I know many people that work at the Dyce office. All good honest people.
It only takes one idiot to screw it up for everyone...
Will anyone learn from this?
The questions Shell should be asking now are: could this have been prevented? How did they get in? Are those doors now shut? Are processes being updated to make sure similar attacks don’t happen? And finally, are their processes being updated to make sure that when this happens again, their disaster team swings into place with seamless grace?
It’s all about being in control and not just wildly trying to put out fires. Find out how it happened, establish the impact of the breach, and re-assure your base that it won’t happen again. The question of course, is how do they get those answers?
No matter what happens across applications, databases, operating systems, routers, switches, firewalls, VPNs, and the hundred other devices that make up the rich, varied and interoperable fabric of your IT backbone, it’s all recorded. There are electronic surveillance cameras everywhere recording the basic facts: the very ‘truth’ of what happened, when, where, and by whom. Systems produce millions of log records every day. By investing in a system that can collect those logs, parse them, deeply understand them, normalise and then correlate the data, they can easily either trace stolen data back through the net to the hole that let it out, or from the hole, run forward to find out what was taken. The logs are the only way you can do this, so it’s important that they respond quickly and get their house in order as those penalty fines are going to be a whole lot bigger very shortly.
Bauer
"rogue campaign group within Shell" hahah that's a bit OTT isn't it? Too much 24 this weekend lads?
