Shell's Australian BG Group business hit by MOVEit hack


British multinational oil and gas company Shell says it has identified a cybersecurity incident involving some employees at BG Group in Australia, the latest company to be hit by the MOVEit hack.

Several businesses globally have reported cybersecurity breaches involving the MOVEit software tool, which is typically used to transfer large amounts of often sensitive data, including pension information and social security numbers.

The oil and gas major said it had identified some personal information related to affected individuals that was accessed without authorisation and had made attempts to notify them.

Shell completed its $US70 billion ($A108 billion) takeover of BG Group in 2016, bringing into its portfolio oil and gas projects across countries including Australia and Brazil.

"The data is from 2013 and although it is historic and some of it may be out of date, there is a risk to impacted individuals of identity theft and being targeted by phishing campaigns," Shell said in a statement on Friday.

Shell did not immediately respond to a Reuters request for comment to clarify the exact number of individuals impacted.

The company began informing affected staff members in early July, a person with direct knowledge of the matter said.

The incident is the latest among a string of security breaches in corporate Australia since late last year, which led the government to reform its cybersecurity rules and set up an agency to oversee government investment in the field.

Hebe Chen, an analyst with IG Markets, told Reuters the incident again highlighted one of the weakest spots in Australia's corporate ecosystem.

"Not only does it expose the fragile protection measures that were in place, but it also raises questions about the effectiveness of the Australian government's national cybersecurity strategy," Chen said.