By Roushni Nair and Navya Mittal
(Reuters) -Shell said on Friday that it had identified a cybersecurity incident involving some employees at BG Group in Australia, the latest company to be hit by the MOVEit hack.
Several businesses globally have reported cybersecurity breaches involving the MOVEit software tool, which is typically used to transfer large amounts of often sensitive data, including pension information and social security numbers.
The oil and gas major said it had identified some personal information related to affected individuals that was accessed without authorization and had made attempts to notify them.
Shell completed its $70 billion takeover of BG Group in 2016, bringing into its portfolio oil and gas projects across countries including Australia and Brazil.
"The data is from 2013 and although it is historic and some of it may be out of date, there is a risk to impacted individuals of identity theft and being targeted by phishing campaigns," Shell said in a statement.
Shell did not immediately respond to a Reuters request for comment to clarify the exact number of individuals impacted.
The company began informing affected staff members in early July, a person with direct knowledge of the matter said.
The incident is the latest among a string of security breaches in corporate Australia since late last year, which led the government to reform its cybersecurity rules and even set up an agency to oversee government investment in the field.
Hebe Chen, an analyst with IG Markets, told Reuters that the incident again highlighted one of the weakest spots in Australia's corporate ecosystem.
"Not only does it expose the fragile protection measures that were in place, but it also raises questions about the effectiveness of the Australian government's national cybersecurity strategy," Chen added.
(Reporting by Roushni Nair and Navya Mittal in Bengaluru; Additional reporting by Florence Tan; Editing by Shailesh Kuber and Alexander Smith)