Tuesday, October 7, 2008

Shell fingers IT contractor in theft of employee data

I want to remind everyone that believes a credit monitoring service will solve their identity theft issues that they are sadly misinformed. The net result of all of the identity theft TV and radio advertising is to completely confuse the public for the sake of a profit. Sound familiar? If someone misappropriates your bank account, and you report the crime within 30 days of your account statement being mailed to you, your bank will work with you and likely absorb any losses as theirs. When someone files false insurance claims in your name your Casualty and Loss database (CLUE) is altered and you may never get insurance or perhaps a job, again. Without professionals to help you with the real identity theft issues you are fighting a very difficult uphill battle filled with legal pitfalls and a complex network of red tape.

Oil company says outside IT worker used info from database to file fake unemployment claims
Robert McMillan Computerworld
October 6, 2008
(IDG News Service) Shell Oil Co. is warning its employees that an IT contractor used the personal data of four Shell workers as part of an unemployment insurance claims scam in Texas.
Shell Oil, the U.S. subsidiary of Royal Dutch Shell PLC, began notifying employees of the
data breach on Friday, via a written notice that was posted on the Houston-based company's Web site.
Shell spokeswoman
Robin Lebovitz said company officials noticed early last month that someone had used Shell employee data to file fake unemployment compensation claims with the Texas Workforce Commission (TWC). After investigating, Shell determined that an employee of a third-party contractor had misused information stored in a corporate database, Lebovitz said.
The database
includes records for a majority of current and former Shell employees in the U.S., according to Lebovitz. The notice about the breach indicated that the misused data included names, dates of birth, Social Security numbers and some financial information.
The suspected scammer filed four false claims, Lebovitz said, adding that Shell has yet to uncover any evidence that other information from the database was compromised as part of the alleged claims scheme.
Shell didn't identify the company that employed the suspect, saying only that it had been hired to work on a data indexing project involving the database. The notice to employees said that after the fraudulent claims were discovered, Shell escorted the suspect from its premises and terminated its contract with the IT company.
The alleged crime continues to be investigated by Shell, the Houston police and the TWC, Lebovitz said


Anonymous said...

Identity theft is more than just financial these days. Identity thieves can use your personal information to obtain medical, obtain a job, or even commit a crime in your name. To learn more about the growing problem of identity theft please visit www.oneidporblog.com

George Jenkins said...


Thanks for writing about the data breach at Shell. It's good to read that Shell both escorted the identity thief from their offices and terminated its contract with the IT company.

IBM has said zilch about the data tape transport vendor involved in its data breach last year. Not enough companies seem to understand that both transparency and honest communications is important after a data breach.

Shell seems to get it. Why do you think that some companies get it and some don't?