The situation is particularly difficult for the infamous oil corporation- the database of names and personal contact details has been e-mailed to several non-governmental organizations, including Greenpeace, Friends of Earth, and Shell Guilty. Shell has attempted to prevent the NGOs from publishing the information, explaining that in doing so, they would be breaking the law. Additionally, Shell is launching a full scale investigation in an effort to figure out how their employee information ended up accessible to third-parties. While it’s difficult to guess at the techniques used by the hackers involved, one thing is clear- Shell computers aren’t protected by full disc encryption services and, as a result, are much more vulnerable to online threats.

Shell’s Information is a Serious Problem

Understandably, Shell is trying to prevent the security breach from being seen as a serious problem. An article from TimesOnline included a statement from the company:

Yesterday Shell sought to play down the leak. A statement said: ‘Certain data concerning Shell employees and other individuals on our internal address list has been disclosed to some external parties. The data is mainly business-related.’

While there may be some truth in the statement’s claims about much of the information being publicly available and not damaging the company, it’s likely that Shell’s employees feel differently. According to a report by the BBC, some of Shell’s workers had their private home telephone numbers leaked. Even if no personal telephone numbers were leaked, the breach brings attention to the poor status of computer security at Shell. Employees can’t work well knowing that their personal details aren’t well-protected. This last complication is troublesome, at least for Shell, which will need to improve the way it does business in order to reassure its employees that their private information is safe. Dealing with the aftermath of a crisis, such as Shell’s security breach, can be extremely costly and in many cases, a damaged reputation can’t ever truly be recovered, regardless of how much money is spent.

Lessons to Learn

Ironically, Shell’s security breach came at a convenient time- had Shell discovered the breach in April, a new set of laws (covered here and here) would have allowed the company to be charged fines of up to £500,000. However, even without the monetary cost, Shell lost something extremely valuable: the trust of its employees. Shell workers are much less likely to remain loyal to a company which isn’t proactive about protecting its internal information.

In order to earn and maintain the trust of its workers, a company needs to employ solutions which are easy to use and keep data secure. Had Shell been using our Alsertsec Xpress computer security software, the company may have avoided the embarrassing security breach and kept its positive reputation among employees. Our software is specifically designed to keep all business parties happy and secure- it encrypts data, making it much more challenging for the others to access it.

Further Reading
Shell investigates posting of personal data [TimesOnline]
Shell security breach reveals employee details [BBC]