The FIN11 hacker group has posted files allegedly stolen from Shell on their leaks website, most likely during a cyber-security incident involving Accellion’s File Transfer Appliance (FTA) file sharing service.
Shell confirmed last week that it was a victim of the Accellion cyber-attack, confirming that attackers were able to steal both company data and personal information about its employees.
Some of these documents, including passport copies, an appraisal study, and a Hungarian-language paper, are now available on a Tor-based website where hackers who carry out Clop ransomware attacks publish stolen data.
The soon-to-be-retired Accellion FTA service had about 300 customers at the time of the attack, with up to 25 of them thought to have had major data compromise. Qualys, Kroger, Jones Day, Bombardier, and the Washington State Auditor’s Office are among the companies affected (SAO).
Data stolen from some of these organisations ended up on the Tor network’s FIN11 leaks website, along with files reportedly stolen from a variety of educational institutions, including the University of Miami, Yeshiva University, University of Maryland, University of California, University of Colorado, and Stanford University.
The University of Miami acknowledged the effect of the Accellion incident in a breach notice released on March 26, alleging that the file sharing service “had been used by a small number of individuals at UM to upload files too big for email,” and that use of the service has been discontinued.
The FIN11 hackers made data about patients of the University of Miami Health System, or UHealth, public on their leak website. Names, phone numbers, and email addresses are among the data that has been leaked.
In its breach notification, the university said, “We recognise that the Accellion security incident affected numerous federal, state, local, tribal, and territorial government agencies, as well as private industry organisations and businesses, including those in the medical, legal, telecommunications, finance, higher education, retail, and energy sectors.”