Energy giant Halliburton has confirmed its systems were hacked and that intruders “accessed and exfiltrated information” following a cyberattack last week.
In a brief filing with government regulators on Tuesday, Halliburton said it was “evaluating the nature and scope of the [stolen] information,” and what data breach notifications it is required to make.
Halliburton last week said it took some of its systems offline following the detection of the cyberattack. The company now says it is “working to identify effects of the incident” on its ongoing oil and fracking operations.
When contacted on Tuesday, Halliburton spokesperson Amina Rivera did not comment or say if the company knows what kinds of data were stolen. “We are not commenting beyond what was included in our filing,” said Rivera.
Halliburton says its “ongoing investigation and response” includes the restoration of its systems and the “assessment of impacted data.” Much of the company’s public-facing systems remain offline at the time of writing, TechCrunch has found.
The oil and fracking giant — one of the world’s largest energy companies — has close to 48,000 employees in dozens of countries, according to its most recent public filings. Halliburton remains largely synonymous with the explosion and oil spill caused by the Deepwater Horizon oil rig disaster in the Gulf of Mexico in 2010 (pictured). Halliburton subsequently agreed to plead guilty and settle U.S. government charges for $1.1 billion.
Halliburton has said little else about the ongoing cyberattack. When asked, Halliburton spokesperson Rivera did not dispute the incident was linked to ransomware.
TechCrunch has seen a copy of a ransom note purportedly related to the Halliburton incident that claims to have encrypted and stolen the company’s files. The note says a ransomware gang known as RansomHub is taking credit for the cyberattack.
RansomHub’s dark web leak site, which the gang uses to publish stolen files to extort its victims into paying a ransom, has not yet listed Halliburton as one of its victims. It’s not uncommon for ransomware and extortion gangs to publish the name of its victims when negotiations fall through.
A representative for RansomHub, when reached by TechCrunch, did not comment on the Halliburton hack.
According to a recent U.S. government assessment of the ransomware gang, RansomHub has claimed over 210 victims since its inception in February 2024. The gang is also linked to the cyberattack at U.S. health tech giant Change Healthcare.
Halliburton said it has and will continue to incur expenses related to the cyberattack. Halliburton made $23 billion in revenue during 2023, and its chief executive Jeff Miller made $19 million in total executive compensation during the year.
Halliburton would not say who presently oversees cybersecurity at the company, and would not make them available for an interview.
Do you know more about the Halliburton incident? You can contact this reporter on Signal and WhatsApp at +1 646-755-8849, or by email. You also can contact us via SecureDrop.