SGS breach outs key data of Shell India, MG Motors
The business competitive data was available for sale on the DarkWeb or private internet forums for as much as $10,000. It includes quality test reports of some of the prominent oil and gas companies and truck makers. ET has reviewed samples from the data set.
The Geneva-based testing and certification major confirmed the breach and said it has plugged the leaks. “We have already taken necessary measures. Data leaks have totally stopped and a few anomalies were corrected. All the clients have been informed about this and the reports that are available are not harmful information,” said a global SGS spokesperson. He said the company learnt about the breach in August and has begun a probe.
Apart from oil and gas and manufacturing companies in India, servers of SGS’s Korea and French division have been attacked and thousands of test reports and user data have been leaked impacting the local clients of the company. In fact, the data set from the server of SGS Korean division contains more than 6,000 test reports.
Comparing the incident with recent cyber security lapse wherein millions of phone numbers linked to Facebook were found online, analysts said such breach of SGS servers may have financial impact for their customers due to the data being competitive for their business. “Considering the information and reports made available from the company’s servers on the DarkWeb are authentic, it could have significant impact since PDFs and excel sheets are accessed by hackers,” said Saket Modi, CEO at Lucideus, a cyber security platforms’ company for enterprises. “This shows a very high probability that the actual storage devices’ access has been compromised and that could be scary for a simple reason that there might be instances the hackers have access to clients’ data,” said Modi.
ET reached out to some of the Indian clients of SGS such as Daimler, MG Motors and Shell India to understand if there were cases of any damage due to this data leak.