Halliburton Hit by Cyberattack, Shuts Down Systems

Halliburton, a multinational corporation specializing in oil extraction and fracking, has announced that it has implemented internal system shutdowns in response to a cyberattack earlier this week

Halliburton disclosed that it experienced unauthorized access to its systems on Wednesday and responded by “proactively taking certain systems offline” in a brief statement submitted to government regulators on Thursday. The organization stated that it is “engaged in identifying any repercussions of the incident.”

According to company filings, Halliburton is one of the world’s largest petroleum companies, with nearly 48,000 employees in dozens of countries. The Deepwater Horizon oil rig explosion in the Gulf of Mexico in 2010 is widely recognized as the cause of the significant oil leak. Halliburton subsequently settled with the U.S. government for $1.1 billion.

The cyberattack was initially disclosed by Reuters on Wednesday.

According to Jeremy Ortiz, spokesperson for the U.S. Department of Energy, “There are no indications that the incident is currently affecting energy services, and DOE is collaborating with interagency partners.”

To prevent intruders from obtaining access to other systems or continuing access to breached systems, it is not uncommon for companies to shut down their systems following a cyberattack. Ransomware attacks have shut down systems at numerous organizations this year, such as the health behemoth Change Healthcare and the automotive software manufacturer CDK.

Victoria Ingalls, a spokesperson for Halliburton, declined to provide additional information beyond the company’s filing. Ingalls declined to provide a detailed account of the security incident or confirm whether the company received any communication from the perpetrators when TechCrunch questioned it.

The spokesperson stated that “any subsequent communications will be in the form of an 8-K,” a reference to public filings.

TechCrunch discovered a potential security vulnerability on Friday that enables anyone to access internal Halliburton systems via its single-sign-on provider. Halliburton spokesperson Ingalls declined to respond to TechCrunch’s inquiry regarding whether the company was aware of the issue and whether Halliburton offers a mechanism for public reporting of security vulnerabilities. She also reiterated the company’s standard statement.

When queried by TechCrunch, the spokesperson declined to disclose which executive, if any, is responsible for cybersecurity at Halliburton.

Halliburton generated $23 billion in revenue in 2023, a 13% increase from the previous year, as indicated by the organization’s most recent full-year earnings release. According to the company’s filings, Jeff Miller, Halliburton’s chief executive, received $19 million in executive compensation in 2023.