Halliburton Data Breach Was Significant, Prompted Notifications

Sean Michael Kerner, writing in TechTarget, reports that little is known about the Halliburton data breach that happened in August 2024, but the company’s response suggests a significant security incident. Law enforcement was called, and the company notified its customers and other stakeholders.

Halliburton filed a Form 8-K disclosure with the SEC on Aug. 23, a legal requirement if the breach is serious. It also implemented its cybersecurity response plan and took some of its systems offline.

The company’s communications to stakeholders emphasized its compliance with process-based safety standards for operations under its management system. Kerner notes that this means it was striving to maintain normal business operations despite cybersecurity challenges.

The incident illustrates the vulnerabilities in the energy sector. Energy has become a frequent target for cybercriminals because it is critical infrastructure, and a breach can have serious implications for global energy markets and national security.

An attack against Colonial Pipeline in 2021 greatly impacted the U.S. energy sector. The Halliburton data breach doesn’t seem to have affected energy services; it primarily disrupted internal operations.

Kerner lists some best practices to limit cyberattack risk:

• Implement a zero-trust security strategy to ensure that every access request is validated
• Require multi-factor authentication
• Conduct regular cybersecurity risk assessments
• Employ advanced threat detection tools that continuously monitor network activity and quickly identify irregularities
• Train employees via a cybersecurity awareness training program