Energy giant Halliburton has confirmed that its systems were hacked following a cyber attack last week, with intruders “accessing and stealing information.”
“Halliburton said in a brief filing with government regulators on Tuesday: [stolen] It explains “what information” should be handled and what data breach notifications must be given.
Halliburton said last week that it had taken some systems offline after detecting a cyberattack and that the company was currently “working to determine the impact of the incident” on its ongoing oil and hydraulic fracturing operations.
Reached on Tuesday, Halliburton spokeswoman Amina Rivera would not comment on whether the company knew what data had been stolen. “We have no comment beyond what has been provided in the filing,” Rivera said.
Halliburton said its “ongoing investigation and response” includes restoring systems and “assessing any impacted data.” Many of the company's public-facing systems remain offline as of this writing, according to a TechCrunch investigation.
One of the world's largest energy companies, the oil and fracking giant has about 48,000 employees in dozens of countries, according to its latest public filings. Halliburton is nearly synonymous with the Deepwater Horizon oil rig explosion and oil spill (pictured) in the Gulf of Mexico in 2010. Halliburton later agreed to plead guilty and settle lawsuits with the U.S. government for $1.1 billion.
Halliburton has said little else about the ongoing cyberattack. When asked, Rivera, the company spokesman, did not deny that the incident was related to ransomware.
TechCrunch has seen a copy of a ransom note purportedly linked to the Halliburton incident, which claims the company's files were encrypted and stolen. The document claims responsibility for the cyberattack from a ransomware gang known as RansomHub.
The RansomHub dark web leaks site, which the group uses to publish stolen files and extort ransoms from victims, does not yet list Halliburton as a victim, although it is not uncommon for ransomware and extortion groups to publish the names of their victims when negotiations break down.
When contacted by TechCrunch, a representative for RansomHub declined to comment on the Halliburton hack.
According to a recent US government assessment of the ransomware group, RansomHub has claimed more than 210 victims since its founding in February 2024. The group has also been linked to a cyberattack on Change Healthcare, a major US medical technology company.
Halliburton said it has incurred and will continue to incur costs related to the cyberattack. Halliburton expects to generate revenue of $23 billion in 2023, and CEO Jeff Miller received total executive compensation of $19 million for the year.
Halliburton would not say who currently oversees cybersecurity at the company and declined to make the company available for an interview.
Want to know more about the Halliburton scandal? You can contact this reporter on Signal and WhatsApp at +1 646-755-8849, or by email. You can also contact him via SecureDrop.