Original URL: http://www.theregister.co.uk/2008/10/07/shell_oil_database_breach/

IT contractor caught stealing Shell Oil employee info

Database for 'majority' of US workers breached

By Dan Goodin

Posted in Security, 7th October 2008 23:42 GMT

Shell Oil has warned its employees to be on the lookout for identity theft after an on-site IT contractor was caught stealing worker information out of a company database.

In a security notice posted Friday, Shell said the contractor had already used social security numbers belonging to four employees to file fraudulent unemployment claims. Company officials have no evidence showing other employees' information was lifted.

The culprit is an unnamed employee of a vendor that was working on a project involving Shell's US database. After discovering the breach, the individual was removed from the premises, and Shell terminated its contract with the vendor.

"The matter is being fully investigated internally and Shell is continuing to work with the Texas Workforce Commission and [local] law enforcement to investigate this matter," Shell officials wrote in the notice.

The breached database contained information for a majority of current of former Shell employees based in the US, according to IDG News. ®