Shell data hackers hoped to kick-off 'revolution'

A document released with the stolen database suggests Shell could face more breaches.

data

A lengthy document sent by allegedly disillusioned Shell employees to leading environmental and human rights activists sought to launch a corporate revolution at the oil giant.

The document, which has been given to IT PRO, was attached to a leaked database containing contact details of nearly every Shell employee. It was sent by 116 disillusioned full-time employees in the US, the UK and the Netherlands to Greenpeace and other campaign groups active in Nigeria.

The document contained information on how the contact database could be used change the way Shell operates, by influencing employees, the public, top institutional investors and non-governmental organisations.

"Using the files we have attached... the Royal Dutch Shell Corporate Revolution that we propose and describe in large detail in Section 5 of this document provides a step-by-step guide on how to shatter the walls of mass ignorance in the corporation in order to bring about informed and meaningful insider dissent from Shell's common-folk robot employees," the document reads.

One recipient of the files, John Donovan, a campaigner at anti-Shell website www.royaldutchshellplc.com, told IT PRO that the disillusioned employees may have been planted there by activists solely to extract information such as the database. Donovan predicted that more data breaches would be forthcoming at the oil giant.

According to the document, the employees are upset at a range of environmental and human rights abuses that they believe their employer is taking in Nigeria, one of its key markets for energy exploration.

"We are extremely concerned regarding Shell's behaviour in Nigeria and we are disgusted by the injustices that Shell is committing in Nigeria," they wrote.

The document was not signed by the authors, they say, to protect their own jobs. They fear they would be sacked if they revealed their identities.

Shell accepts that the database is genuine, but says it believes that the covering letter is not.

The oil giant publicly argues that individuals' security has not been affected by the distribution of the database. However, an email apparently sent by Shell's chief ethics and compliance officer Richard Wiseman suggests there are wider internal security concerns.

"Although the vast majority of information in the [Shell corporate] Address Book is largely business related, there may be cases where the security of an individual may be impacted by release of such information," Wiseman wrote.

Some personal phone numbers are included in the database where the individual uses that number to work from home. IT PRO understands that Wiseman sent a memo to Shell staff declaring that some might receive nuisance phone calls as a result.

Donovan said: "We expect to receive further leaked information from Shell insiders."

Shell is currently investigating the circumstances under which the database was leaked. This investigation includes trying to identify if hackers were involved.

The company could offer no comment on whether the leak was caused by people or if it's a process or technology issue, and what actions it would take to prevent the issue happening again.

Featured Resources

Five lessons learned from the pivot to a distributed workforce

Delivering continuity and scale with a remote work strategy

Download now

Connected experiences in a digital transformation

Enable businesses to meet the demands of the future

Download now

Simplify to secure

Reduce complexity by integrating your security ecosystem

Download now

Enhance the safety and security of your people, assets and operations

Enable a true vision of security with an engineered solution based on hyperconverged and storage platforms

Download now

Recommended

'Largest ever' Magecart hack compromises 2,000 online stores
hacking

'Largest ever' Magecart hack compromises 2,000 online stores

15 Sep 2020
Infocyte integrates with Palo Alto Networks Cortex XSOAR
cyber security

Infocyte integrates with Palo Alto Networks Cortex XSOAR

19 Aug 2020
Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020

Most Popular

Accenture ploughs $3 billion into cloud migration support group
digital transformation

Accenture ploughs $3 billion into cloud migration support group

17 Sep 2020
Google Pixel 4a review: A picture-perfect package
Google Android

Google Pixel 4a review: A picture-perfect package

18 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020