Halliburton says that the data breach loss stemming from the August 2024 ransomware attack that disrupted operations amounts to $35 million.
Halliburton is an energy industry service provider for oil and gas exploration, development, and production. Present in over 70 countries, the energy sector service giant employs over 45,000 people and reports over $20 billion in annual revenue.
Partial system shutdown due to data breach
On August 23, 2024, Halliburton notified the U.S. Securities and Exchange Commission (SEC) that an unauthorized party breached its IT infrastructure. The company responded by taking certain systems offline, launching an investigation involving third-party cyber forensics, and notifying law enforcement and regulatory authorities.
The partial shutdown caused limited disruption of operations, hampering clients’ ability to generate invoices or purchase orders. In a separate SEC filing, Halliburton said the data breach investigation had determined that the cyber attack resulted in data exfiltration.
“The Company believes the unauthorized third party accessed and exfiltrated information from the Company’s systems,” Halliburton wrote. “The Company is evaluating the nature and scope of the information, and what notifications are required.”
While the U.S. oil giant did not identify the threat actor responsible for the cyber attack, cybersecurity experts attributed the apparent ransomware attack to the RansomHub cyber extortion group.
The cyber gang gained notoriety from the Change Healthcare data breach that forced the insurance giant to pay $20 million in ransom. However, it remains unclear if Halliburton complied with potential extortion demands.
Halliburton lost $35 million in the August 2024 data breach
In its subsequent SEC filing, Halliburton said the “incident has not had and is not reasonably likely to have, a material impact on the Company’s financial condition or results of operations.”
Nonetheless, the oil giant reported reduced revenues, which could not be directly attributed to the ransomware attack: “Halliburton’s total revenue for the third quarter of 2024 was $5.7 billion, compared to total revenue of $5.8 billion in the second quarter of 2024. Operating income was $871 million in the third quarter of 2024, compared to operating income of $1.0 billion in the second quarter of 2024.”
However, Halliburton CEO Jeff Miller also estimated the data breach cost incurred as a result of the apparent RansomHub ransomware attack at $35 million.
“We experienced a $0.02 per share impact to our adjusted earnings from lost or delayed revenue due to the August cybersecurity event and storms in the Gulf of Mexico,” Miller said.
Luckily, Halliburton’s CEO expects that “free cash flow and cash return to shareholders remain unchanged” for the full-year results and that both will accelerate in the fourth quarter.
Nonetheless, the company did not disclose the cost of ransomware recovery, which could amount to tens of millions of dollars.
Similarly, potential class action lawsuits, if the Halliburton data breach involved customer information, could increase the cost of the ransomware attack. So far, the nature of the information stolen during the Halliburton data breach remains undisclosed.
Meanwhile, energy sector organizations remain prime targets of ransomware attacks due to the impact that disruption of operations can have on customers, making them more likely to pay the ransom to restore operations rapidly.