The FIN11 hacking group has published on their leaks website files that were allegedly stolen from oil and gas giant Shell, likely during a cyber-security incident involving Accellion’s File Transfer Appliance (FTA) file sharing service.
Last week, Shell revealed that it was one of the organizations affected by the Accellion cyber-attack, confirming that attackers were able to steal both corporate data and personal information pertaining to its employees.
Some of these files — including passport copies, an evaluation report and a document written in Hungarian — are now public on a Tor-based website where hackers who conduct Clop ransomware attacks leak stolen information.
At the time of the attack on Accellion’s FTA, the soon-to-be-retired service had roughly 300 customers, with up to 25 of them believed to have suffered significant data compromise. The impacted organizations include Qualys, Kroger, Jones Day, Bombardier, and the Office of the Washington State Auditor (SAO).
Data stolen from some of these organizations ended up on FIN11’s leaks website on the Tor network, alongside files supposedly stolen from multiple educational institutions, such as University of Miami, Yeshiva University, University of Maryland, University of California, University of Colorado, and Stanford University.
In a breach notification published on March 26, the University of Miami confirmed impact from the Accellion incident, claiming that the file sharing service “had been used by a small number of individuals at UM to transfer files too large for email,” and that the use of the service has been discontinued.
The FIN11 hackers published on their leak website data pertaining to patients of the University of Miami Health System, UHealth. The leaked information includes names, phone numbers, and email addresses, alongside other data.
“We understand that the Accellion security incident affected multiple federal, state, local, tribal, and territorial government organizations, as well as private industry organizations and businesses including those in the medical, legal, telecommunications, finance, higher education, retail, and energy sectors,” the university said in its breach notification.
Related: Attacks Targeting Accellion Product Linked to FIN11 Cybercrime Group
Related: Enterprise Solutions Provider ‘Software AG’ Hit by Clop Ransomware