Breach taxonomy
Summary
On August 21, 2024, Halliburton became aware that an unauthorized third party gained access to certain of its systems. The company activated its cybersecurity response plan, proactively took certain systems offline to protect them, and notified law enforcement. The threat actor accessed and exfiltrated information from the company's systems. The incident caused disruptions and limitation of access to portions of business applications supporting operations and corporate functions. The company continued to provide products and services globally during the response.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to any specific threat actor → UNKNOWN.
MethodsData ExfilSystem Outage
Filing explicitly states the unauthorized third party accessed and exfiltrated information, and the company proactively took systems offline — data exfiltration plus system outage.
AssetsConfidential BizRevenue Process
Filing discloses that information was accessed and exfiltrated, and business applications supporting operations and corporate functions were disrupted — confidential business information and operational assets.
EffectsInfo Privacy LossBiz Interruption
Filing discloses both information exfiltration (information privacy loss) and disruptions to business applications and operations (business interruption).
Business continuityPartial
Filing states the company proactively took systems offline and continued providing products and services globally, but business applications were disrupted — operations continued partially → Partial.
Impact
Data exfiltration and system disruption at a major global oilfield services company; operations continued but business applications were impacted and the company disclosed ongoing remediation expenses.
InsuranceNot disclosed
Filing makes no mention of insurance.
Read the original SEC filing excerpt
Item 1.05. Material Cybersecurity Incident. As previously disclosed in a Current Report on Form 8-K, on August 21, 2024, Halliburton Company became aware that an unauthorized third party gained access to certain of its systems. When it learned of the issue, the Company activated its cybersecurity response plan and launched an investigation internally with the support of external advisors to assess and remediate the unauthorized activity. The Company's response efforts included proactively taking certain systems offline to help protect them and notifying law enforcement. The Company's ongoing investigation and response include restoration of its systems and assessment of impacted data. The Company has been and is communicating with its customers and other stakeholders regarding the incident. The Company is following its process-based safety standards for ongoing operations under the Halliburton Management System and is working to identify effects of the incident. The Company continues to provide its products and services to customers globally. The incident has caused disruptions and limitation of access to portions of the Company's business applications supporting aspects of the Company's operations and corporate functions. The Company believes the unauthorized third party accessed and exfiltrated information from the Company's systems. The Company is evaluating the nature and scope of the information, and what notifications are required. The Company has incurred, and may continue to incur, certain expenses related to its response to this incident.