Energy sector contractor ENGlobal Corporation has confirmed that personal information was compromised during a November 2024 ransomware attack.
The incident occurred on November 25 and resulted in ENGlobal taking certain systems offline as a containment measure, leaving access to only essential business operations available.
In early December, the company informed the US Securities and Exchange Commission (SEC) that certain data on its systems had been encrypted during the attack, but made no mention of any data theft.
In a new regulatory filing with the SEC, ENGlobal confirmed that the attackers compromised personal information stored on its systems, without detailing the scope of the data breach.
“The cybersecurity incident involved the threat actor’s access to a portion of the company’s IT system that contained sensitive personal information. The company intends to provide notifications to affected and potentially affected parties and applicable regulatory agencies as required by federal and state law,” ENGlobal said.
The company also told the SEC that it has fully restored its systems, that its operations and corporate functions have returned to normal, and that the threat actor behind the attack has been evicted from the network.
“The cybersecurity incident limited the company’s ability to access portions of its business applications that supported aspects of the company’s operations and corporate functions, including financial and operating reporting systems for approximately six weeks,” ENGlobal said.
The company noted that the incident has not had and is not expected to have a material impact on its operation, including its financial condition and results of operations.
ENGlobal has not shared information on the threat actor behind the attack and SecurityWeek has not seen any known ransomware group claiming responsibility for the incident.
Related: Record Number of Ransomware Attacks in December 2024
Related: Cyber Insights 2025: Malware Directions
