The Register reported this week a massive data breach at Shell. A contact database of 176,000 staff and contractors at Shell was copied and forwarded to activists and lobbyists. The interesting twist to this data breach is that the contact database was reportedly emailed out on behalf of 176 “concerned staff”. Investigations are already underway by the Chief Ethics and Compliance Officer at Royal Dutch Shell to get to the bottom of who downloaded and distributed this sensitive information but it certainly was not authorized.
While Shell is downplaying the confidentiality of the data that was stolen, this data breach raises important questions regarding the vulnerability of other data. A contact database for 176,000 contacts is no small file, so it will be interesting to learn what systems were used for downloading and distributing the data and what safeguards were or were not in place to prevent such a breach.
One thing is for certain, if Shell had a managed file transfer system in place they would have records of the who, what, where and when of every file transfer going out of the company. It would be a good starting point in tracking down those responsible.