Energy behemoth Halliburton recently announced a breach in their security systems, revealing that perpetrators had “gained access to and extracted data” after a cyberassault occurred last week.
Through an official statement made to regulatory authorities on Tuesday, Halliburton is assessing “the type and extent of the [compromised] data,” along with determining the necessary steps for data breach notifications.
Following the cyberattack discovery last week, Halliburton took immediate action by disabling certain systems. The company is currently in the process of “determining the impact of the incident” on its oil and fracking business operations.
Halliburton spokesperson Amina Rivera, when asked for details on Tuesday, chose not to provide specifics or confirm the nature of the stolen data. “Our statement in the filing stands as our [only] comment,” Rivera articulated.
The corporation’s “continual investigation and remediation efforts” include restoring affected systems and “evaluating the data that was impacted.” TechCrunch discovered that many of Halliburton’s external-facing systems are still down, at the time this was written.
With nearly 48,000 employees worldwide and being among the largest global energy conglomerates, Halliburton is still widely associated with the Deepwater Horizon oil spill disaster in the Gulf of Mexico in 2010. The company later acknowledged wrongdoing by settling with the U.S. government for $1.1 billion in response to charges related to the event.
Thus far, Halliburton has remained reticent regarding details of the cybersecurity breach. Spokesperson Rivera, when queried, did not refute the possibility that ransomware could be involved.
TechCrunch obtained a ransom demand allegedly tied to the Halliburton breach, which claims responsibility for encrypting and exfiltrating the firm’s data. This ransom note asserts that a group calling themselves RansomHub is behind the cyberattack.
Although RansomHub’s site on the dark web, used for disclosing stolen information to coerce victims into paying ransoms, hasn’t listed Halliburton as a target. Delayed publication of victim information is a tactic sometimes used by ransomware and extortion groups during unsuccessful negotiation attempts.
When contacted by TechCrunch, a spokesperson for RansomHub abstained from commenting on the incident involving Halliburton.
Per a recent advisory from the U.S. government, RansomHub has victimized over 210 entities since beginning operations in February 2024, including an attack on the healthcare technology giant Change Healthcare.
Halliburton acknowledged that the cyberattack has resulted and will result in expenses. In 2023, Halliburton reported $23 billion in revenue, with its CEO Jeff Miller receiving $19 million in total compensation for the year.
Halliburton declined to disclose who is currently responsible for its cybersecurity or make them available for an interview.
If you have more information about the Halliburton incident, please reach out to this reporter via Signal and WhatsApp at +1 646-755-8849, or through email. You can also contact us through SecureDrop.
Compiled by Techarena.au.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
