Halliburton shuts down systems after cyberattack
Oil drilling and fracking giant Halliburton said it has shut down some of its internal systems following a cyberattack earlier this week.
In a brief statement filed with government regulators on Thursday, Halliburton said it became aware of unauthorized access to its systems on Wednesday and responded by “proactively taking certain systems offline.” The company said it is “working to identify any effects of the incident.”
Halliburton, which has close to 48,000 employees in dozens of countries per company filings, is one of the world’s largest energy companies. The U.S. energy giant is widely associated with the massive oil spill caused by the Deepwater Horizon oil rig explosion in the Gulf of Mexico in 2010, in which Halliburton later agreed to settle with the U.S. government for $1.1 billion.
Reuters first reported the cyberattack on Wednesday.
U.S. Department of Energy spokesperson Jeremy Ortiz said in a statement that, “there are no indications that the incident is impacting energy services at this time and DOE is coordinating with interagency partners.”
It’s not uncommon for companies to shut down their systems following a cyberattack, with the goal of preventing the intruders from having continued access to breached systems or gaining access to others. Several companies this year, including health giant Change Healthcare and automotive software maker CDK, shut down their systems following ransomware attacks.
Halliburton spokesperson Victoria Ingalls declined to comment beyond the company’s filing. When asked by TechCrunch, Ingalls declined to describe the nature of the security incident or say whether the company has received any communication from the intruders.
The spokesperson said “any subsequent communications will be in the form of an 8-K,” referring to public filings.
On Friday, TechCrunch identified a potential security issue that allows anyone to access internal Halliburton systems through its single-sign-on provider. When asked by TechCrunch if it was aware of the issue and if Halliburton provides the means to allow for the public reporting of security flaws, Halliburton spokesperson Ingalls declined to answer and reiterated the company’s boilerplate statement.
The spokesperson declined to say which executive, if any, oversees responsibility for cybersecurity at Halliburton, when asked by TechCrunch.
According to the company’s latest full-year earnings release, Halliburton made $23 billion in revenue during 2023, up by 13% on the year prior. Halliburton chief executive Jeff Miller made $19 million in total executive compensation during 2023, the company’s filings show.
Updated with comment from DOE spokesperson.