ENGlobal, a US energy contractor, has recently disclosed that it fell victim to a cyber-attack in November 2024, resulting in the theft of sensitive personal data. The company reported in an updated filing to the Securities and Exchange Commission (SEC) on January 27, 2025, that a threat actor successfully gained access to a portion of its IT system containing this sensitive information.
As required by law, ENGlobal will soon be notifying affected individuals and relevant regulatory agencies about the breach. However, specific details regarding the type of data that was compromised have not been provided. The company also revealed that several business applications supporting its operations and corporate functions were disrupted for around six weeks following the discovery of the incident, including financial and operating reporting systems.
While these systems have now been fully restored, ENGlobal believes that the threat actor no longer has access to its IT system. In its SEC filing, the company stated that it does not anticipate a material impact on its financial condition or results of operations as a result of the cyber-attack. Additionally, ENGlobal mentioned that it is working closely with cybersecurity experts to enhance its monitoring of cyber threats and prevent unauthorized access to its systems in the future.
Specializing in automation and control systems for clients in the energy sector and US government agencies like the Department of Defense and the Department of Energy, ENGlobal plays a crucial role in maintaining critical infrastructure. The cyber-attack on the company serves as a stark reminder of the increasing threats faced by organizations that are vital to national security and public welfare.
The initial notification to the SEC on December 2, detailing the attack, suggested that the incident might be ransomware-related, with a threat actor illegally accessing the IT system and encrypting certain data files. However, the identity of the perpetrators behind the attack remains unknown. This event underscores the growing risks posed by cyber threats to critical infrastructure organizations, with threat actors often exploiting vulnerabilities in third-party suppliers to target these entities.
A report by SecurityScorecard and KPMG in October 2024 revealed that 45% of security breaches in the energy sector in the previous year were related to third-party compromises. Similarly, in November 2024, energy services provider Halliburton disclosed that a ransomware breach had cost the company $35 million, further highlighting the financial and operational consequences of cyber-attacks on critical infrastructure.
In response to the cyber-attack, ENGlobal and other organizations in the energy sector must prioritize cybersecurity measures to safeguard their systems and data from malicious actors. By enhancing their defenses and collaborating with security experts, these companies can better protect themselves against future threats and minimize the potential impact of cyber incidents on their operations and stakeholders.