Halliburton, the world’s second-largest oil service company, has confirmed it was the target of a cyberattack that disrupted operations at its Houston headquarters and several global networks. The Houston- and Dubai-based energy sector contractor, employing over 50,000 people across 70 countries, activated its incident response protocols following the breach, which has raised significant concerns in the energy industry.
The company, which reported $23.02 billion in annual revenue in 2023, first acknowledged the incident in a statement, noting that it was “aware of an issue affecting certain company systems” and that it was working “diligently to assess the cause and potential impact.” Although Halliburton refrained from initially describing the situation as a cyberattack, a subsequent Form 8-K regulatory filing with the U.S. Securities and Exchange Commission (SEC) confirmed unauthorized access by a third party.
In response to the breach, Halliburton took several of its computer systems offline, notified law enforcement, and began an internal investigation alongside leading cybersecurity experts. The company is also in contact with its customers and stakeholders to manage the fallout, although it has not provided a timeline for the full restoration of its systems.
Speculation on social media suggests the attack may have originated from a cloud-based system, with reports indicating that employees were instructed to disconnect from the network and manually record their hours. Some unverified reports also claim that a significant amount of data may have been leaked during the attack.
Experts have weighed in on the potential severity of the incident. Jim Doggett, Chief Information Security Officer (CISO) at Semperis, suggested that the attack could involve ransomware, a theory supported by the nature of the disruptions. Richard Caralli, Senior Cybersecurity Advisor at Axio, indicated that the attack might have exploited basic cybersecurity lapses, while Nick Tausek, Lead Security Automation Architect at Swimlane, emphasized the need for stronger and more proactive cybersecurity measures in the industry.
The incident at Halliburton adds to a growing list of cyberattacks targeting U.S. critical infrastructure, which the Cybersecurity and Infrastructure Security Agency (CISA) identifies as vital to national security, economic stability, and public health. The energy sector has become an increasingly attractive target for cybercriminals, with ransomware attacks on critical national infrastructure (CNI) rising sharply in recent years. The FBI reported 1,193 ransomware attacks on CNI entities in 2023, a 37% increase from 2022.
While Halliburton has not disclosed the full extent of the impact or provided detailed information about the attackers, the breach underscores the ongoing threat to the energy sector and the broader implications for national security. The Department of Energy has confirmed its awareness of the incident, though it noted that there were no indications of immediate disruptions to energy services
