Oil giant Shell is warning customers in New Zealand and Australia about potential security risks after their information was exposed in a Web site attack. Shell is warning 5900 customers that personal information was exposed after someone broke into a Web site that housed credit applications for Shell fuel cards.
Data breach exposes 5900 Shell customers (IMG:Shell Oil)
The breached Web site, maintained by a contractor for Shell, was breached on or around February 17. The data accessed is related to credit applications. According to Shell, 1400 New Zealand customers were affected as well as 4500 in Australia.
“Shell can confirm that information provided by applicants when making online applications for Shell Card was obtained by a third party following the unlawful "hacking" of a contractor's website.” Paul Zennaro, a spokesman for Shell Australia, told The Tech Herald via e-mail.
“This [is a] criminal matter and has been referred to Police. The information obtained is equivalent to what would normally be found on business cards and cheques - including company names, address details, email addresses and some bank account details.
“Shell took the step of contacting all applicants, whose information may have been stolen, encouraging them to take additional precautions in coming weeks and months. The company advised precautions such as greater vigilance of bank account statements and also particular care when receiving unsolicited phone calls.
“Shell regrets this incident and is taking every reasonable step to make sure it cannot happen again. The company has asked Shell card applicants that if they become aware of any breach of their security, they should immediately contact local police.”
It is unfortunate that the data was exposed. Yet, as seen with past breaches, when contracting data storage, collection, or processing out to a third party, businesses must hold that company to the same strict standards of protection that they would expect of themselves.
Shell would not comment on the method of attack, or the name of the breached contractor, but, based on past examples of similar attacks, it is a high probability that SQL Injection was used.
Interested in a more interactive TTH? Join our Facebook Group Want regular updates from The Tech Herald? Follow us on Twitter
Advertising
Comment on this Story