Exaprotect BlogManager

Shell Oil has revealed that the personal information of a small number of its employees has been obtained by an IT contractor who was working on-site at the company, and has been used to file fraudulent unemployment claims.

The contractor, who was employed by a third party vendor, was working on the Shell U.S. database, when he was discovered to have accessed the social security numbers (SSN) of four employees and used them as part of an unemployment scam.

Shell has informed the four affected employees, removed the vendor’s employee from their premises and terminated the agreement with the third party vendor. The matter is being fully investigated internally and by the local Harris County law enforcement agency.

In a notice to their employees, Shell said that they had “conducted an extensive investigation to attempt to ascertain whether additional employee data has been compromised and has found no evidence that it has.”

The incident highlights once again the dangers posed by internal fraud and theft which result in a larger number of incidences of stolen identity than those from external theft. It may also have some unwelcome repercussions for Shell, since there are suggestions it could give rise to accusations of non-compliance with the Sarbanes-Oxley Act, which is intended to protect exactly this type of sensitive data.

This entry was posted on Friday, October 10th, 2008 at 9:39 am and is filed under Security Breaches. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.