Halliburton says that data was taken in an ongoing breach
Energy giant Halliburton admitted that it had been hacked, following a cyberattack that happened last week, permitting attackers to "access and exfiltrate information." Halliburton, in a brief filing with government regulators Tuesday, said it was "assessing the nature and scope of the-stolen-information" and also "determining what notifications are required because of the breach.".
Last week Halliburton said it had disconnected some systems after finding evidence of the cyber-attack and added the company was "working to determine the impact of the incident" on ongoing oil and hydraulic fracturing. Reached Tuesday, an official at Halliburton, Amina River, would not comment. She could also not confirm what information was accessed.
"We are not starting over beyond the limits of what we had in the dinner," said River. Halliburton said it had undergone an "ongoing investigation and response" which includes "restoration of systems" and "evaluation of affected data." At the time of writing, most of the company's public systems were still down. The giant in oil and fracking is counted among the largest energy companies in the world, employing some 48,000 people in many countries, its latest public filings show. Halliburton is yet to shake off close links with the 2010 explosion of the Deepwater Horizon oil rig and a subsequent oil spill in the Gulf of Mexico.
Halliburton later pleaded guilty and agreed to pay $1.1 billion to settle U.S. government criminal and civil claims. Halliburton declined to comment on the specifics of the latest cyber-attack. When reached for comment, Rivera, the spokesperson would not deny that it is a ransomware incident. TechCrunch has viewed what's purportedly a copy of the Halliburton ransom note related to the incident in which the attackers claim to have encrypted and exfiltrated the company's data.
A ransomware group, identified as RansomHub, claimed responsibility for the cyber attack via a note. Ransomhub is a darknet leak site used by gangs to publish stolen files in hope of extorting ransoms from victims. At the time of writing, Halliburton does not appear on its list of victims. Often, ransomware and extortion gangs do publish names of their victims when negotiations break down.
The latest assessment from the US government regarding ransomware groups says that since the emergence of RansomHub in February 2024, it has more than 210 victims. The gang is also responsible for the cyberattack on US medical technology giant Change Healthcare.
Halliburton also noted that the company has taken, and will continue to take, the costs associated with the cyber incident. Additionally, Halliburton expects revenue of $23 billion for the year 2023. It paid Chief Executive Jeff Miller total executive compensation of $19 million for that fiscal year. Halliburton would not disclose who oversees the company's cybersecurity today, or if they would be available to interview.