Energy giant Shell has disclosed a data breach after attackers compromised the company’s secure file-sharing system powered by Accellion’s File Transfer Appliance (FTA).

Operates in 70 countries with 86k employee is also the fifth-largest company in the works based on its 2020 revenue results according to Fortune’s Global 500 rankings.

Shell’s network untouched

Shell disclosed the attack in a public statement published on the company’s website last week and said that the incident only affected the Accellion FTA appliance used to transfer large data files securely.

Shell addressed the vulnerabilities with its service provider and cyber security team, and started an investigation to better understand the nature and extent of the incident

There is no evidence of any impact to Shell’s core IT systems as the file transfer service is isolated from the rest of Shell’s digital infrastructure. Reached the regulators abot the attack

Some data related to it’s subsidiaries and some contained personal data and others included data from Shell companies and some of their stakeholders.

Clop ransomware gang and FIN11 behind series of Accellion hacks

The Clop ransomware gang has also been using an Accellion FTA zero-day vulnerability to compromise and steal data from multiple companies.

Accellion said that 300 customers used the 20-year-old legacy FTA software, with less than 100 of them being breached by the Clop ransomware gang and FIN11. Less than 25 victims appear “to have suffered significant data theft,” according to Accellion.