
US-based energy infrastructure solutions company ENGlobal revealed on Tuesday that the attackers who breached the company last November were able to access sensitive personal information from its network servers.
In an amended 8K breach notification filed with the US Securities and Exchange Commission on Tuesday, EnGlobal said it has discovered the threat actor involved in a November 25th breach illegally accessed “a portion of the Company’s IT system that contained sensitive personal information.”
“The preliminary investigation revealed that a threat actor illegally accessed the Company’s information technology (“IT”) system and encrypted some of its data files,” the Houston-based energy company said.
The breach led to the disruption of “portions” of its business applications and company operations for about six weeks, ENGlobal said, including “financial and operating reporting systems.”
Dr. Darren Williams, Founder and CEO of BlackFog, a ransomware prevention and Anti Data Exfiltration (ADX) firm, said the ransomware attack on ENGlobal underscores the growing wave of cyberattacks targeting critical infrastructure.
“With its legacy infrastructure, the energy sector remains a prime target for ransomware groups due to its indispensable role in society and the potential for widespread disruption,” Williams explained.

The CEO further explained that ENGlobal's position as an energy sector contractor makes the company “an obvious target for attackers seeking maximum leverage.”
Williams noted that six new attacks on the energy sector occurred just last month, including those on the Costa Rican-owned energy provider RECOPE, the Romanian energy supplier Electrica Group, and the Duke Energy electric and gas company in North Carolina.
The attack also is a reminder of the chaos that ensued in the aftermath of the Colonial Pipeline ransomware hack, which upended the nation’s gas supply, leaving most of the East Coast scrambling to fill their tanks for nearly a week in 2021.
“The confirmation that hackers accessed sensitive personal data during this attack serves as a stark reminder of the risks posed by ransomware” he said, adding that the “reputational, legal, and operational consequences of such breaches are far-reaching.”
“This makes it imperative for organizations to prioritize robust data protection strategies and preventative security measure, he added.”
Threat actor believed to have been booted from system
The global oil and gas engineering services corporation said with the help of outside cybersecurity experts, the unnamed threat actor no longer has access to the company’s IT systems, and all functions have since been fully restored.
The company filed its initial 8K on December 2nd, 2024, stating once it became aware of the unauthorized access, it “immediately took steps to contain, assess, and remediate the security incident,” restricting access to the IT systems to prevent further damage.
EnGlobal says as part of its remediation efforts, it is now working with those experts to reinforce and strengthen its cybersecurity controls to prevent further cyber incidents.
Although ENGlobal did not reveal whether the sensitive personal data belonged to its employees, clients, or third-party associates, the company said it would be notifying any affected or potentially affected individuals and required regulatory agencies.
Furthermore, it's not clear if EnGlobal paid off its attackers, which Willams says should be avoided at all costs.
“Breaches like this highlight the urgent need for organizations in this sector to adopt proactive measures to combat increasingly sophisticated threats and prevent data exfiltration,” Willams said.
“It is equally critical that organizations resist paying ransoms, as doing so can further embolden attackers and provides no guarantee that stolen data won’t be misused,” he added.
Founded in 1985, ENGlobal focuses on automation solutions and select EPCM (engineering, procurement, and construction management) projects for the energy industry and markets throughout the world, its website states.
Besides the US Department of Defense, Energy, and Department of Commerce, ENGlobal provides engineering and automation solutions for such major oil and gas producers as ExxonMobil, Valero, BP, Chevron Dupont, Georgia-Pacific, and KinderMorgan.
Your email address will not be published. Required fields are markedmarked