Halliburton, a major player in the oil and gas sector, recently confirmed a data breach following a cyberattack. The breach involved the theft of sensitive information, although the full extent of the data compromised has not been disclosed. While investigations are ongoing, initial reports suggest that threat actors accessed internal systems and stole valuable data.
According to the company’s statement in an SEC filing on 30 August, Halliburton “became aware that an unauthorised third party gained access to certain of its systems” a week prior. The company stated that it “immediately began an investigation with the assistance of third-party cybersecurity experts” and notified relevant authorities.
The energy sector has become an increasingly attractive target for cybercriminals due to its critical infrastructure and valuable intellectual property. This incident follows a pattern of attacks on oil and gas companies, including the Colonial Pipeline ransomware attack in 2021, during which the company was forced to pay $4.4m in ransom.
The exact details of the cyberattack remain under investigation. Halliburton’s SEC filing described the event as “unauthorised access” to its IT environment but did not provide specifics on how the breach was conducted. The company is collaborating with cybersecurity experts and law enforcement agencies to understand the method of attack and identify those responsible.
While Halliburton is still evaluating the scope of the breach, the potential impact could be significant. For a company of Halliburton’s size and reach, the exposure of confidential data can lead to severe financial losses, legal liabilities, and reputational damage. Cyberattacks like these can also disrupt operations, compromise customer trust, and result in costly regulatory fines and penalties.
As explored in our recent webinar on data breaches, all it takes is an email address for a tech-savvy fraudster to obtain the information needed to scam victims. With a potentially large cache of sensitive data stolen during the attack, the perpetrators could be sitting on a goldmine. If put up for sale on the dark web, the stolen data would be an easy sell for cybercriminals looking to commit scams and other lucrative cybercrimes.
As with the recent National Public Data breach, the Halliburton attack opens up the floodgates for fraudsters. Finance teams should be on the lookout for suspicious activity, as large-scale data breaches often have a knock-on effect, fuelling scam attempts and cyberattacks further down the supply chain.
Finance leaders can help protect against cybercrime in the following ways:
Nonprofits are prime BEC targets—see real attacks and what finance leaders must do to protect funds, data, and mission-critical operations.
Manufacturers are top targets for BEC scams. See 6 real cases that expose how attackers steal millions—and what finance teams must do to stay protected.
See how 5 real BEC scams stole millions from healthcare orgs—what finance leaders must know to stop attacks that target payments, data, and operations.
End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.
