Halliburton reported a $35 million loss stemming from an August ransomware attack that compelled the company to shut down its IT systems and disconnect from customers. The global energy services provider, known for its solutions in oil and gas exploration, development, and production, operates in 70 countries with a workforce of 48,000 and reported revenues exceeding $23.02 billion.

On August 23, 2024, Halliburton informed the U.S. Securities and Exchange Commission (SEC) that an unauthorized third party had breached its systems. In response, the company disabled certain IT infrastructure components, leading to limited operational disruptions and client disconnections.

Subsequent revelations identified the RansomHub ransomware group as the perpetrators behind the attack. A follow-up 8-K filing with the SEC confirmed that data was stolen from Halliburton’s network, though the specific nature and extent of the compromised information are still under investigation.

At the time of the incident, Halliburton expressed that it was unlikely to have a significant financial impact, a stance supported by their third-quarter 2024 earnings report. Jeff Miller, the company’s Chairman, President, and CEO, stated, “We experienced a $0.02 per share impact to our adjusted earnings from lost or delayed revenue due to the August cybersecurity event and storms in the Gulf of Mexico. Our full-year expectations for free cash flow and cash return to shareholders remain unchanged, and we expect both to accelerate in the fourth quarter.”

Despite the relatively minor cost of addressing the cyberattack for a company of Halliburton’s scale, uncertainties remain regarding the stolen data. If the ransomware group decides to sell or leak information that could expose Halliburton’s clients, the company may face additional financial repercussions from potential legal actions.