Shell says a cybersecurity “incident” last week targeted a third-party vendor it works with, and not the oil and gas company itself.
Shell launched an internal investigation after it learned of a “potential cybersecurity incident” on May 29.
“Our investigation shows that the data in question did not come from a Shell system, nor was Shell-held customer data exposed,” a Shell spokesperson told CTVNews.ca in an email on Thursday.
In the statement, Shell said a vendor who provides the company with “anonymous mystery shopping services” had experienced a data breach.
Shell said the vendor uses a third-party platform to store data related to its mystery shopper contractors, and the data was “exposed” through the third-party platform.
The vendor is contacting impacted individuals and regulatory bodies, Shell said, adding that it will continue to monitor its own IT systems.
With files from CTVNews.ca’s Megan DeLaire
