Halliburton Disables Systems Following Cybersecurity Breach

The oil drilling and hydraulic fracturing heavyweight Halliburton has taken some of its internal systems offline after experiencing a cyberattack earlier this week.

In a concise announcement to government regulators on Thursday, Halliburton reported detecting unauthorized system access on Wednesday. The company’s immediate response was to strategically disable certain systems. It reported ongoing investigations to ascertain the full impact of the breach.

As a leading entity in the global energy sector with nearly 48,000 workers across various countries, according to its filings, Halliburton is a significant player. It infamously contributed to the 2010 Deepwater Horizon oil rig disaster in the Gulf of Mexico, a mishap which led to Halliburton reaching a $1.1 billion settlement with the U.S. government.

The cyberattack incident first came to light via a Reuters report on Wednesday.

Jeremy Ortiz, a spokesperson for the U.S. Department of Energy, commented that there seems to be no immediate effect on energy services as a result of the incident. The department is in touch with various agencies to assess the situation.

It is a frequent practice among corporations to shut down compromised systems post-cyberattack to thwart further intrusions. This year has seen entities such as Change Healthcare and CDK, an automotive software company, resort to similar measures in the wake of ransomware attacks.

Halliburton’s representative, Victoria Ingalls, limited her comments to what was already submitted in the company’s filing, avoiding any elaboration on the incident’s specifics or interaction with the perpetrators per TechCrunch’s inquiries.

Ingalls confirmed that any further updates would be communicated through 8-K public filings.

TechCrunch has uncovered a vulnerability that potentially allows unrestricted access to Halliburton’s internal networks via its single-sign-on system. Despite querying Ingalls about the company’s awareness and its protocols for reporting such security lapses, the response was a repeat of their standard statement. Moreover, there was no disclosure regarding who at Halliburton is accountable for cybersecurity measures.

Recent disclosures reveal that Halliburton generated $23 billion in revenue for 2023, marking a 13% increase from the previous year. CEO Jeff Miller received $19 million in total remuneration for 2023, as indicated by company filings.

Updated following comments from a DOE representative.