US vitality contractor ENGlobal has revealed that delicate private knowledge was stolen after it was hit by a cyber-attack in November 2024.
In an up to date submitting to the Securities and Trade Fee (SEC) dated January 27, 2025, the engineering agency mentioned the menace actor gained entry to a portion of its IT system that contained delicate private info.
ENGlobal will shortly be offering notifications to affected people and all related regulatory businesses as required by legislation.
No additional particulars have been supplied about the kind of knowledge that has been impacted.
The corporate additionally reported that a variety of enterprise purposes that assist operations and company capabilities had been disrupted for roughly six weeks after the incident was found. This consists of monetary and working reporting programs.
These programs have been absolutely restored and the agency believes the menace actor not has entry to its IT system.
In its SEC submitting, the agency additionally mentioned it believes that the incident has not had a cloth impression and isn’t fairly more likely to have a cloth impression, on the corporate, together with the its monetary situation and outcomes of operations.
ENGlobal added that it’s working with cybersecurity consultants to strengthen its surveillance of cyber threats and stop future unauthorized entry to its programs.
The corporate offers automation and management programs primarily for vitality sector purchasers and US authorities businesses, together with the Division of Protection and the Division of Vitality.
Rising Cyber Threats Dealing with Vital Infrastructure
ENGlobal first notified the SEC of the assault on December 2, revealing {that a} menace actor illegally accessed its IT system and encrypted a few of its knowledge recordsdata, suggesting the incident is ransomware associated.
There may be presently no indication of which group was behind the assault.
The incident highlights rising cyber threats to important infrastructure organizations.
Menace actors incessantly compromise third get together suppliers to focus on these organizations. A report by SecurityScorecard and KPMG in October 2024 discovered that 45% of safety breaches hitting this business up to now yr had been third-party associated.
In November 2024, vitality companies provider Halliburton revealed {that a} ransomware breach price the agency $35m.