Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Cybercriminals Publish Data Allegedly Stolen From Shell, Multiple Universities

The FIN11 hacking group has published on their leaks website files that were allegedly stolen from oil and gas giant Shell, likely during a cyber-security incident involving Accellion’s File Transfer Appliance (FTA) file sharing service.

The FIN11 hacking group has published on their leaks website files that were allegedly stolen from oil and gas giant Shell, likely during a cyber-security incident involving Accellion’s File Transfer Appliance (FTA) file sharing service.

Last week, Shell revealed that it was one of the organizations affected by the Accellion cyber-attack, confirming that attackers were able to steal both corporate data and personal information pertaining to its employees.

Some of these files — including passport copies, an evaluation report and a document written in Hungarian — are now public on a Tor-based website where hackers who conduct Clop ransomware attacks leak stolen information.

At the time of the attack on Accellion’s FTA, the soon-to-be-retired service had roughly 300 customers, with up to 25 of them believed to have suffered significant data compromise. The impacted organizations include Qualys, Kroger, Jones Day, Bombardier, and the Office of the Washington State Auditor (SAO).

Data stolen from some of these organizations ended up on FIN11’s leaks website on the Tor network, alongside files supposedly stolen from multiple educational institutions, such as University of Miami, Yeshiva University, University of Maryland, University of California, University of Colorado, and Stanford University.

In a breach notification published on March 26, the University of Miami confirmed impact from the Accellion incident, claiming that the file sharing service “had been used by a small number of individuals at UM to transfer files too large for email,” and that the use of the service has been discontinued.

The FIN11 hackers published on their leak website data pertaining to patients of the University of Miami Health System, UHealth. The leaked information includes names, phone numbers, and email addresses, alongside other data.

“We understand that the Accellion security incident affected multiple federal, state, local, tribal, and territorial government organizations, as well as private industry organizations and businesses including those in the medical, legal, telecommunications, finance, higher education, retail, and energy sectors,” the university said in its breach notification.

Advertisement. Scroll to continue reading.

Related: Attacks Targeting Accellion Product Linked to FIN11 Cybercrime Group

Related: Enterprise Solutions Provider ‘Software AG’ Hit by Clop Ransomware

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.