Halliburton, a leading energy company, has confirmed that it experienced a cyberattack last week in which attackers gained unauthorized access to its systems and stole sensitive information.
In a regulatory filing on Tuesday, Halliburton disclosed that it is currently assessing the extent and nature of the data that was compromised, as well as determining which breach notifications are legally required. Last week, the company reported that it had taken some of its systems offline after detecting the cyber intrusion. Halliburton now states that it is working to identify the impact of the breach on its ongoing oil and fracking operations.
When reached for comment, Halliburton spokesperson Amina Rivera declined to provide further details about the nature of the stolen data, saying, “We are not commenting beyond what was included in our filing.”
The company has said that its “ongoing investigation and response” efforts include restoring affected systems and evaluating the compromised data. As of now, several of Halliburton’s public-facing systems remain offline.
Halliburton, which is one of the largest energy companies globally with approximately 48,000 employees across various countries, is still recovering from this attack. The company is known for its involvement in the 2010 Deepwater Horizon oil rig disaster in the Gulf of Mexico, for which it later settled U.S. government charges for $1.1 billion.
So far, Halliburton has been relatively tight-lipped about the incident. Rivera did not deny that the breach was connected to a ransomware attack.
A copy of a ransom note allegedly associated with the incident claims that a ransomware group called RansomHub is responsible for encrypting and stealing Halliburton’s data. The note indicates that the group, known for using a dark web leak site to pressure victims into paying ransoms, has not yet listed Halliburton among its targets. It is common for such groups to disclose victims’ names when ransom negotiations break down.
A RansomHub representative did not respond to inquiries about the Halliburton breach. The U.S. government recently reported that RansomHub has claimed over 210 victims since its emergence in February 2024, including a notable cyberattack on U.S. health tech firm Change Healthcare.
Halliburton has indicated that it will continue to incur expenses related to this cyberattack. In 2023, the company reported $23 billion in revenue, while its CEO Jeff Miller earned $19 million in total compensation for the year.
The company has not disclosed who is currently in charge of cybersecurity and declined to make that individual available for comment.
