Energy giant Halliburton has confirmed its systems were hacked following a cyberattack last week, with intruders “accessing and exfiltrating information.”
In a brief filing with government regulators on Tuesday, Halliburton said it was “assessing the nature and scope of the information stolen” and what data breach notification it should provide.
Halliburton said it took some systems offline after detecting a cyberattack last week. The company said it was “working to understand the impact of the incident” on its ongoing oil and fracking operations.
When reached Tuesday, Halliburton spokeswoman Amina Rivera would not comment or say whether the company knew what kind of data was stolen. “We don’t comment beyond what we have submitted,” Rivera said.
Halliburton said its “ongoing investigation and response” includes restoring systems and “assessing impacted data.” According to TechCrunch, most of the company’s publicly visible systems are offline at the time of writing.
According to recently released data, the oil and fracking giant, one of the world’s largest energy companies, employs about 48,000 people in dozens of countries. Halliburton remains synonymous with the 2010 Deepwater Horizon oil rig disaster in the Gulf of Mexico, which resulted in an explosion and oil spill (pictured). Halliburton later pleaded guilty and agreed to pay $1.1 billion to settle charges with the U.S. government.
Halliburton has said little else about the ongoing cyberattack. When asked, Halliburton spokesman Rivera would not deny that the incident was ransomware-related.
TechCrunch has seen a copy of a ransom note believed to be related to the Halliburton incident, which claims the company’s files were encrypted and stolen. The note credits a ransomware gang called RansomHub for the cyberattack.
The RansomHub dark web leak site is used by gangs to post stolen files to intimidate victims into paying ransom, but has not yet listed Halliburton as one of its victims. It is not uncommon for ransomware and extortion gangs to post victims’ names when negotiations break down.
When TechCrunch reached out to a RansomHub spokesperson, they would not comment on the Halliburton hack.
According to a recent US government ransomware gang assessment, RansomHub has affected over 210 victims since its founding in February 2024. The gang has also been linked to a cyberattack on US health care giant Change Healthcare.
Halliburton said it has incurred and will continue to incur costs related to cyberattacks. Halliburton earned $23 billion in revenue in 2023, and CEO Jeff Miller earned $19 million in total executive compensation that year.
Halliburton officials would not disclose who is currently overseeing the company's cybersecurity, and the company declined to comment.
Do you know more about the Halliburton case? You can contact this reporter via Signal and WhatsApp at +1 646-755-8849 or by email. You can also contact him via SecureDrop.
