Month: August 2024

Giant oil service company Halliburton confirmed that it was hit by a cyberattack that forced the company to take systems offline.

In a SEC filing, Halliburton said that “On August 21, 2024, Halliburton Company (the “Company”) became aware that an unauthorized third party gained access to certain of its systems.” The filing further says: “When the Company learned of the issue, the Company activated its cybersecurity response plan and launched an investigation internally with the support of external advisors to assess and remediate the unauthorized activity. The Company’s response efforts included proactively taking certain systems offline to help protect them and notifying law enforcement. The Company’s ongoing investigation and response include restoration of its systems and assessment of materiality.”

It isn’t clear at the time of this writing whether the cyberattack is some form of ransomware attack.

The company did not immediately respond to requests for further comment about the impact of the cyberattack.

Houston, Texas-based Halliburton employs 48,000 employees and operates in 70 countries.

Read more about it here.

Jerico Pictures Inc., doing business as National Public Data (“NPD”), exposed in April 2024 the personal information of nearly 2.9 billion individuals as a result of a data breach.

NPD is background check company that allows its customers to search billions of records with instant results.

In early April, 2024, a threat actor that uses the moniker of USDoD gained access to NPD’s network, and was able to exfiltrate unencrypted PII, including full names, Social Secutiy numbers, address history, and family information, of billions of individuals whose data is stored on NPD’s network.

On April 8, 2024, USDoD announced the sale of a “National Public Data” database on a dark web forum called Breached. It offered the 2.9 billion records for $3.5 million.

Researchers from VX-underground requested and received an advance copy of the data, reviewed the massive file – 277.1GB uncompressed, and confirmed that the data present in it is real and accurate. They also noticed that the database doesn’t contain information from individuals who use data opt-out services. People who did not use data opt-out services and resided in the United States were immediately found. The archive also contains data on deceased people.

A proposed class action lawsuit was filed in U.S. District Court, Southern District of Florida, Fort Lauderdale Division, on behalf of Christopher Hofmann, who said he received a notification from his identity theft protection service provider the month before that his data was on the dark web due to a data breach.

Read more about it here.

CrowdStrike is being sued by its shareholders after a faulty update released on July 19, 2024 by CrowdStrike Falcon caused Windows systems to display the Blue Screen of Death (BSoD) screen. The flawed release caused widespread global disruptions, impacting critical infrastructure such as airports, hospitals, banks, and government services. It caused 8.5 million Microsoft Windows systems globally to crash.

The lawsuit accuses CrowdStrike executives of making “false and misleading” statements that the company’s software updates were adequately tested.

CrowdStrike denies the allegations and has announced it will oppose the proposed class action lawsuit.

“We believe this case lacks merit and we will vigorously defend the company,” a spokesperson said.

Delta Air Lines’ CEO, Ed Bastian, revealed in a recent CNBC interview that the outage caused by Crowdstrike led to $500 million in losses for the airline. Delta is now seeking compensation from CrowdStrike, as well as from Microsoft.

Both CrowdStrike and Microsoft denied any wrongdoing. CrowdStrike pointed out that “no other US airline had cancelled one-tenth as many flights”. Microsoft pointed out that Delta’s IT systems were outdated.

The company’s share price dropped 32% in the 12 days after the incident, causing a loss in market value of $25 billion.

Read more about it here.