The security measures at Royal Dutch Shell are under close scrutiny after the details of 176,000 employees and contractors were emailed to campaigners.
Shell has been the target of extensive campaigning, particularly over its operations in Nigeria. Last year it reached a $15 million out of court settlement, over its alleged involvement in the death of Nigerian activists including the poet Ken Saro-Wiwa. Shell said the payment did not mean it accepted responsibility.
Shell's IT security systems and procedures apparently failed to prevent an email being sent by disaffected staff to campaigners, with an attachment of the contact details of its employees. Details included home telephone numbers of some staff who worked remotely.
The data is approximately six months old, which could suggest it was taken by a former employee, the Financial Times speculated.
BP, one of Shell's largest competitors, in 2008 told employees to be careful about emailing sensitive data, especially when "a telephone call will suffice".
The email of Shell data, sent this week, called for a "peaceful corporate revolution" at the company. There was a 170-page covering letter, which aimed to highlight human rights violations allegedly caused by Shell's operations to Nigeria's Ogoni people.
The message also called for NGO staff to become undercover employees at large corporations, in order to push for a change in practices.
Shell told the FT that the database was genuine, but claimed it did not pose a security risk because it did not contain home addresses. It said it did not believe the notion that disaffected staff had sent the data.