Oil and Gas giant Shell [LON:SHEL] made a concerning update regarding a massive cybersecurity hack that occurred back in early June this year, which has sent shockwaves through its operations in Australia.
What’s been dubbed the largest hack of 2023 was a wave of data breaches, which was discovered in early June after a vulnerability was found in a third-party software called MOVEit. This managed file transfer software that many large corporations employed.
The full fallout of the breach has yet to be quantified, but the tally of victims at this point has exceeded 60 million and has an estimated cost of nearly $10 billion.
In today’s announcement, the company said that the hack affected some employees who worked with its Australian unit, BG Group, before the merger in 2016. The company has identified some personal information that was accessed without authorisation but has not yet disclosed the exact number of individuals affected.
The timing of the hack could mean other victims under Shell’s umbrella BG Group could potentially include data from a whole host of companies within the Australian ecosystem, including QGC Ltd, previously Queensland Gas Company, which is one of Australia’s largest coalbed methane companies as well as a host of smaller companies surrounding Australia’s critical energy infrastructure.
Source: TradingView
Hack exposes Australia’s vulnerability
Shell identified today that the breach involved certain employees associated with the company’s unit, BG Group, prior to their merger.
The company completed its $70 billion takeover of BG Group in 2016, bringing with it a considerable portfolio of infrastructure deemed critical to Australia’s energy security.
This revelation adds Shell to the growing list of victims affected by the infamous MOVEit hack, which has wreaked havoc on businesses worldwide.
In recent months, numerous organisations have admitted falling prey to the cybersecurity breach involving the software tool MOVEit.
This tool, typically employed for the secure transfer of substantial volumes of sensitive data, has become an unwitting accomplice in exposing confidential information, including pension details and social security numbers worldwide.
The company has diligently initiated efforts to notify these individuals about the breach and its potential implications but has refused to say how many individuals were affected.
This lack of clarity raises concerns about the extent of the breach and the potential scope of the damage.
While the data in question dates back to 2013, it remains a cause for concern due to the risks associated with identity theft and the potential targeting of affected individuals in phishing campaigns, irrespective of the historical nature of the data.
This incident is the latest addition to a series of security breaches that have plagued the corporate landscape in Australia since late last year.
These breaches prompted the Australian government to enact reforms aimed at strengthening cybersecurity regulations.
A National Office of Cyber Security was also established to oversee government investments in cybersecurity and address this growing threat.
Current cyber security rules, government policies and regulations ‘are simply not at the level that we need them to be,’ Prime Minister Anthony Albanese said during a meeting with industry leaders and experts earlier this year.
‘This is really fast moving. It’s a rapidly evolving threat, and for too many years Australia has been off the pace,’ Albanese said.
Minister of Home Affairs, Clare O’Neil also had choice words for the previous government in its efforts in reforming laws surrounding breaches.
‘That law was bloody useless, like not worth being printed on the paper when it came to actually using it in a cyber incident,’ O’Neil told ABC Radio in an interview. ‘They’re not fit for purpose at the moment, and I do think they need reform.’
Australia’s weak spot
As more information drips out about the full extent of the breach, the hack exposes a clear problem that is facing both small and large companies and institutions within Australia.
Hebe Chen, an analyst with IG Markets, said that the incident highlights one of the weakest spots in Australia’s corporate ecosystem once again.
‘Not only does it expose the fragile protection measures that were in place, but it also raises questions about the effectiveness of the Australian government’s national cybersecurity strategy,’ Chen added.
The fallout among the myriad of large projects around Australia will take time to parse but no doubt there will be ruffled feathers in major sites such as the WA Prelude FLNG, which supplies Australia with at least 5.3 million tonnes per annum of Liquefied Natural Gas (LNG).
Shell’s admission of a cybersecurity breach involving its employees is a good sign that the company is trying to proactively manage the fallout.
However, the persistence of the data could mean that the damage is largely already done.
The MOVEit hack has exposed vulnerabilities in organisations worldwide, and its repercussions are far from trivial.
As businesses and governments strive to fortify their cybersecurity defences, incidents like these underscore the ongoing battle against cyber threats and the critical need for enhanced protection measures in our critical infrastructure.
The future demand for these critical fuels
Liquefied Natural Gas is a rapidly growing source of energy and just one of the many major energy projects Shell operates on Australian shores.
Demand for LNG is expected to increase by 50% globally by 2030 as many countries attempt to shift away from heavier fossil fuels.
But can everyone get a slice of the pie when investment into exportation or new projects is falling each year?
Our Editorial Director Greg Canavan has been looking into the cost and implications of Australia’s energy transition to renewables from a wide-eyed economic perspective.
He thinks he’s found a gap in the market where Australians can follow hedge fund investors and billionaires like Warren Buffett into smart investments before the market realises.
Buffett’s Berkshire Hathaway has seen the writing on the wall and is spending big, including:
- Buying 2.1 million shares of a Houston-based oil producer, one of the largest in the world.
- Increased its stake in Occidental Petroleum to 25%, worth over $13.5 billion.
- Spending $3.3 billion to boost its stake in a LNG export terminal in Maryland.
Warren Buffett is no fool, when the ‘Oracle of Omaha’ makes a move, it’s recommended you listen.
If you want to learn more about how you can position yourself in the coming Net Zero energy environment, and the potential U-turn governments will have to make, then
Regards,
Charles Ormond
For Money Morning
