Oil and fuel big Halliburton has confirmed in a submitting at this time to the Securities and Change Fee (SEC) that information was stolen within the current assault linked to the RansomHub ransomware gang.
The shape 8-Ok submitting mentions that an unauthorized third social gathering accessed and exfiltrated delicate info from Halliburton programs, and the corporate is now within the strategy of figuring out the precise scope of the breach.
“The Firm believes the unauthorized third social gathering accessed and exfiltrated info from the Firm’s programs,” reads Halliburton’s newest 8-Ok Kind submitting to the SEC.
“The Firm is evaluating the character and scope of the data, and what notifications are required.”
Halliburton initially disclosed the safety breach through an 8-Ok kind submitting on August 22, mentioning that it detected unauthorized entry to its programs with out sharing many particulars concerning the nature and scope of the incident.
Later within the month, BleepingComputer was the primary to report that the RansomHub ransomware operation was behind the assault and that the oil big was battling an intensive IT system and enterprise disruptions.
An electronic mail Halliburton despatched to suppliers revealed that the corporate needed to take sure programs offline to include the assault and had contracted Mandiant to assist them with the investigation and remediation efforts.
The most recent 8-Ok Kind confirms the operational disruptions inside employees beforehand reported on Reddit discussions.
“The incident has prompted disruptions and limitation of entry to parts of the Firm’s enterprise functions supporting elements of the Firm’s operations and company capabilities,” Halliburton explains.
Monetary and buyer influence
Halliburton has not shared particulars of the assault with the media or its clients, inflicting confusion and concern to different companies who had their programs linked to Halliburton’s platform and feared infections.
The corporate now says it’s speaking with clients and different stakeholders concerning the incident and assessing the necessity for notifications. On the identical time, it acknowledges the dangers of litigation and modifications in buyer habits.
Concerning the monetary influence, Halliburton says the incident is unlikely to have materials influence. Heavier monetary burdens from potential authorized actions or popularity dangers aren’t dominated out.