Yet Another Shell Data Breach

FEBRUARY 2010 BREACH

WORLDS BIGGEST LEAK OF STAFF DATA AFFECTED OVER 176,000 SHELL EMPLOYEES AND CONTRACTORS

Contact 
details 
for 
over 176,000 
employees
 and
 contractors
 of
 Royal
 Dutch 
Shell
 reached John Donovan and some environmental
 and
 human
 rights
 groups,
 ostensibly
 from
 disaffected
 Shell staff
 calling 
for
 a “peaceful
 corporate
 revolution”
 at 
the
 company.

The 
database,
 from
 Shell’s
 internal
 directory contained
 names
 and
 telephone
 numbers
 for
 all
 the company’s
 workforce
 worldwide,
 including 
some
 home
 numbers. It 
was
 supplied
 to John Donovan with
 a
 170­ page
 covering
 note,
 explaining
 that
 it
 was 
being
 circulated 
by 
“116 concerned
 employees 
of 
Shell 
dispersed
 throughout 
the 
USA, 
the 
UK,
 and
 the
 Netherlands”,
 to highlight
 the
 harm 
done 
by 
the
 company’s 
operations 
in 
Nigeria. read more

Oil Giant Shell Victimized In December 2020 Hack

In December of 2020 hackers targeted a specific piece of hardware, Accellion’s File Transfer Appliance, with previously-unreported vulnerabilities. Once they breached the vulnerable servers the hackers began exfiltrating data.

Shell’s breach notice states that some of the files stolen “contained personal data and others included data from Shell companies and some of their stakeholders.” That tracks with what other victims of the attack reported — victims that include law firm Jones Day, Bombardier, Qualys and grocery chain Kroger. read more

By John Donovan

Nine years ago Royal Dutch Shell Plc confirmed that a list of leaked contact details of 176,000 of its employees and contractors supplied to me by a human rights and environmental activist group was authentic.

Shell claimed that the list did not pose a security risk because it did not include home addresses, but at the same time, undermined that claim by asking me not to publish it on employee safety grounds, particularly in respect of Shell employees in Nigeria.

The e-mail included a 170-page covering note claiming to be from “116 concerned employees of Shell” and accusing the company of harmful practices in Nigeria. read more

By John Donovan

I have read the judgement published online and many of the related news stories concerning the oil spill litigation brought by the law firm Leigh Day against Shell on behalf of Nigerian clients.

No one could fairly accuse the Judge Mr Justice Fraser of being biased in favour of Leigh Day. Instead, he seems to have gone out of his way to criticise them on a variety of grounds. He even complained about the volume of evidence supplied by Leigh Day.

One criticism after another, constantly coming down on the side of Shell. read more

Links to over 265 articles by a host of publishers including the FT, Wall Street Journal, Reuters, Dow Jones Newswires, Bloomberg, New York Times etc., containing references to this website, or its founders Alfred and John Donovan (photo right).

Includes newspaper and magazine articles, and newsletters. All in date order.

WALL STREET JOURNAL ARTICLE: “Shell Wages Legal Fight Over Web Domain Name”: 2 June 2005

BLOOMBERG ARTICLE: “Shell in Legal Battle Over Name of Web Site, Journal Reports“: 2 June 2005 read more

WORLDS BIGGEST LEAK OF STAFF DATA AFFECTED OVER 176,000 SHELL EMPLOYEES AND CONTRACTORS

Contact 
details 
for 
over 176,000 
employees
 and
 contractors
 of
 Royal
 Dutch 
Shell
 reached John Donovan and some environmental
 and
 human
 rights
 groups,
 ostensibly
 from
 disaffected
 Shell staff
 calling 
for
 a “peaceful
 corporate
 revolution”
 at 
the
 company.

The 
database,
 from
 Shell’s
 internal
 directory, contained
 names
 and
 telephone
 numbers
 for
 all
 the company’s
 work force
 worldwide,
 including 
some
 home
 numbers. It 
was
 supplied
 with
 a
 170­ page
 covering
 note,
 explaining
 that
 it
 was 
being
 circulated 
by 
“116 concerned
 employees 
of 
Shell 
dispersed
 throughout 
the 
USA, 
the 
UK,
 and
 the
 Netherlands”,
 to highlight
 the
 harm 
done 
by 
the
 company’s 
operations 
in 
Nigeria. read more

What Shell has not disclosed is that Shell internal spooks have spied on Shell employees via Shell servers all around the world, tracking both internal and external communications, as part of a top secret espionage project. I have irrefutable Shell internal evidence to prove it.

By John Donovan

Cybersecurity has become a major problem with highly embarrassing security breaches at many businesses such as Home Depot, Target and Sony Pictures. Royal Dutch Shell (Global Employee Data Breach) was one of the first victims.

Yesterday, the White House announced the formation of a new federal agency “to analyse threats to the nation’s cybersecurity and coordinate strategy to combat them.”

The Obama administration is launching the Cyber Threat Intelligence Integration Center as a central place to coordinate cyber threat intelligence from the FBI, the National Security Agency, the Department of Homeland Security and other federal agencies. The center will operate under the guidance of the director of national intelligence and will work with the private sector since many cyber attacks are directed at businesses. read more

Californians: Are you entitled to a share in Shell $2M settlement?

By John Donovan 

Equilon Enterprises, a fully owned subsidiary of Shell Oil, secretly recorded calls from U.S. customers contacting 888-GO-SHELL – a call centre. This included calls originating from California. Customers disclosed private information without being aware of the surreptitious recording of their calls being answered overseas. 

Following a class action lawsuit, Shell has agreed to pay nearly $2 million in settlement for violations of California’s Invasion of Privacy Act.  read more

Many major organisations are now fully embarking on cloud strategies and the latest evidence of this came from HP’s Discover event in Barcelona. read more

By John Donovan: Printed below is current email correspondence with the Open Security Foundation DataLossDB project, which had seen reports posted on the Internet that this website had been hacked by the “Brazilian Electronic Army”. The claims were false. Like the Brazilian Electronic Army, the Open Security Foundation seems to be under the impression that we are Royal Dutch Shell Plc.

EMAIL RECEIVED FROM THE OPEN SECURITY FOUNDATION

From: Erica Absetz <eabsetz@opensecurityfoundation.org>
Subject: Regarding Data Breach on April 02, 2013
Date: 24 April 2013 02:21:54 GMT+01:00
To: john@shellnews.net, nick@shellnews.net

Dear Royal Dutch Shell PLC,

I am a researcher for the Open Security Foundation DataLossDB project, a project that tracks and compiles reported data breaches.

We have seen a report or claim that your organization recently suffered a data breach. The report was published at http://pastebin.com/FT5yNBfB and http://www.cyberwarnews.info/2013/04/06/royal-dutch-shell-blog-hacked-administrator-accounts-leaked/. The summary of the report we currently have is as follows: 63 Administrator accounts with email addresses and encrypted passwords dumped on the Internet. The report indicates that the datatype(s) of email addresses and passwords were involved. read more

HOUSTON (AP) — Two activist groups said Tuesday they sent an email to more than 71,000 Shell Oil employees that pretended to be from a fake company division and provided information about a U.S. Supreme Court case involving the company.

The groups, People Against Legalizing Murder and the Yes Lab, said that on Monday they sent the email that purported to be from Shell’s “Grassroots Employee Empowerment Division,” which doesn’t exist.

Business interests argue they are being subjected to claims over the bad behavior of foreign regimes, which are shielded from lawsuits here under U.S. law. read more

Roxana, a village of 1,550 in Southern Illinois, claims in court that a Shell oil refinery contaminated the village’s water and soil with benzene levels as much as 26,000 times greater than allowed by state law.

By JOE HARRIS: Thursday, March 29, 2012

EDWARDSVILLE, Ill. (CN) – Roxana, a village of 1,550 in Southern Illinois, claims in court that a Shell oil refinery contaminated the village’s water and soil with benzene levels as much as 26,000 times greater than allowed by state law.

The Village of Roxana sued Shell Oil, Equilon Enterprises dba Shell Oil Products, ConocoPhillips, WRB Refining, Cenovus GPO and affiliates, in Madison County Court.

Roxana says the pollution comes from Shell’s Wood River refinery. read more

FINANCIAL TIMES ARTICLES CITING THE WEBSITE: Royaldutchshellplc.com

ENERGYSOURCE BLOG December 3, 2009

Spot news

…French companies dismiss claims of political fix (FT) Shell critic says oil major targeting his website Royaldutchshellplc.com operator cites released emails (Reuters) Nigerians urge Yar’Adua to step down Warnings of power vacuum… Kate Mackenzie

ENERGY SOURCE BLOG February 12, 2010

Shell’s directory leak shouldn’t be taken lightly

…corporations (in western countries)” to campaign for change in corporate practices. Meanwhile John Donovan at royaldutchshellplc.com is irked , because he says Shell asked him not to make the directory public for security and personal reasons… Kate Mackenzie read more

By Alfred & John Donovan

We knew that Shell took seriously the leaks of information and Shell internal documents which have been supplied to us over several years by Shell employees. This was plain from Shell internal documents the company has been legally obliged to disclose to us.

We did not know just how seriously, until information reached us recently from a Shell Corporate Security source.

Leaked Shell Corporate intelligence documents now in our possession cover Shell’s security plans until 2014. read more

By a former employee of Shell Oil USA

Reuters Article: Shell critic says oil major targeting his website

John

I must say that I have been very surprised (and  disturbed) to learn of the extent of Shell’s activities in the monitoring of their employees, their outside critics, etc. I find the creation of an internal ‘thought police’ organ very disturbing. Even more disturbing is the employment of former high level British and American governmental ‘spooks and cops’ to run these organizations. Shell’s relationship with the FBI is also very disturbing. Furthermore, Shell’s actions toward you and your blog have been almost ‘neo-facist’ in nature. (Henri Deterding would be proud of them, I am sure. Traditions die hard, I guess.) read more

Ironically, Shell’s security breach came at a convenient time- had Shell discovered the breach in April, a new set of rules (covered here and here) would have allowed the company to be charged fines of up to £500,000. However, even without the additional monetary cost, Shell lost something extremely valuable: the trust of its employees. Shell workers are much less likely to remain loyal to a company which isn’t proactive about protecting its internal information.