SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Ransomware

Halliburton Confirms Data Stolen in Cyberattack

The US oil giant updated an SEC filing to confirm malicious hackers “accessed and exfiltrated information” from its corporate systems.
Halliburton ransomware

US oil service giant Halliburton on Tuesday confirmed corporate data was stolen from its computer systems during an August ransomware cyberattack.

In an updated SEC filing, Halliburton stopped short of confirming a ransomware extortion scheme but said the cyberattack caused significant disruptions and limitation of access to portions of its IT systems.

In addition, the Houston, TX company said the hackers “accessed and exfiltrated information” from its corporate systems. “[We are] evaluating the nature and scope of the information, and what notifications are required,” Halliburton said.

The company’s acknowledgement of data loss comes just days after the experts pinned the blame for the cyberattack on a known ransomware gang called RansomHub. The cybersecurity agency CISA, the FBI, the HHS and the Multi-State Information Sharing and Analysis Center (MS-ISAC) on Thursday published a joint advisory detailing RansomHub attacks.

Halliburton said it activated its cybersecurity response plan and launched an investigation internally with the support of external advisors to assess and remediate the breach. The company said response efforts included proactively taking certain systems offline to help protect them and notifying law enforcement.

Halliburton employs about 55,000 though hundreds of subsidiaries, affiliates and brands in more than 70 countries.

Advertisement. Scroll to continue reading.

The oil and gas industry has been a lucrative target for ransomware actors that use leak sites to shame victim organizations into paying ransom demands. Back in 2021, Colonial Pipeline confirmed it shelled out $4.4 million to purchase a decryption key to recover from the disruptive ransomware attack that caused gasoline shortages in parts of the United States.

Related: US Gov Issues Warning About Halliburton Ransomware Attack

Related: Oil Giant Halliburton Confirms Cyber Incident, Details Scarce

Related: Colonial Pipeline Says Personal Information Impacted in Cyberattack

Related: US Recovers Most of Ransom Paid in Colonial Pipeline Hack

Related: Colonial Pipeline CEO Explains $4.4M Ransomware Payment

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: How Modern Breaches Bypass MFA and Evade Detection
June 17, 2026

Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.

Register

Webinar: Modern Exposure Validation in the AI Era
June 24, 2026

AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.

Register

People on the Move

Stephen Garcia has been named Chief Information Security Officer at BreachRx.

Kasper Lindgaard has been appointed Vice President of Security Strategy at CoreView.

Chaim Mazal has been named Chief Information Security Officer at GitLab.

More People On The Move

Expert Insights

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.