ENGlobal Cyber-Attack Exposes Sensitive Data

by admin 0 Comments

Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

US energy contractor ENGlobal has revealed that sensitive personal data was stolen after it was hit by a cyber-attack in November 2024.

In an updated filing to the Securities and Exchange Commission (SEC) dated January 27, 2025, the engineering firm said the threat actor gained access to a portion of its IT system that contained sensitive personal information.

ENGlobal will shortly be providing notifications to affected individuals and all relevant regulatory agencies as required by law.

No further details have been provided about the type of data that has been impacted.

The company also reported that a number of business applications that support operations and corporate functions were disrupted for approximately six weeks after the incident was discovered. This includes financial and operating reporting systems.

These systems have been fully restored and the firm believes the threat actor no longer has access to its IT system.

In its SEC filing, the firm also said it believes that the incident has not had a material impact and is not reasonably likely to have a material impact, on the company, including the its financial condition and results of operations.

ENGlobal added that it is working with cybersecurity experts to strengthen its surveillance of cyber threats and prevent future unauthorized access to its systems.

The company provides automation and control systems primarily for energy sector clients and US government agencies, including the Department of Defense and the Department of Energy.

Rising Cyber Threats Facing Critical Infrastructure

ENGlobal first notified the SEC of the attack on December 2, revealing that a threat actor illegally accessed its IT system and encrypted some of its data files, suggesting the incident is ransomware related.

There is currently no indication of which group was behind the attack.

The incident highlights growing cyber threats to critical infrastructure organizations.

Threat actors frequently compromise third party suppliers to target these organizations. A report by SecurityScorecard and KPMG in October 2024 found that 45% of security breaches hitting this industry in the past year were third-party related.

In November 2024, energy services supplier Halliburton revealed that a ransomware breach cost the firm $35m.

This article was originally published by Infosecurity-magazine.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

2025 State of SaaS Backup and Recovery Report
PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks
AI Surge Drives Record 1205% Increase in API Vulnerabilities
GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
Meta’s Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

Leave a Reply

Your email address will not be published. Required fields are marked *