- My search for the best MacBook docking station is over. This one can power it all
- This $500 Motorola proves you don't need to spend more on flagship phones
- Finally, budget wireless earbuds that I wouldn't mind putting my AirPods away for
- I replaced my Linux system with this $200 Windows mini PC - and it left me impressed
- I recommend the Pixel 9 to most people looking to upgrade - especially while it's $250 off
ENGlobal Cyber-Attack Exposes Sensitive Data
US energy contractor ENGlobal has revealed that sensitive personal data was stolen after it was hit by a cyber-attack in November 2024.
In an updated filing to the Securities and Exchange Commission (SEC) dated January 27, 2025, the engineering firm said the threat actor gained access to a portion of its IT system that contained sensitive personal information.
ENGlobal will shortly be providing notifications to affected individuals and all relevant regulatory agencies as required by law.
No further details have been provided about the type of data that has been impacted.
The company also reported that a number of business applications that support operations and corporate functions were disrupted for approximately six weeks after the incident was discovered. This includes financial and operating reporting systems.
These systems have been fully restored and the firm believes the threat actor no longer has access to its IT system.
In its SEC filing, the firm also said it believes that the incident has not had a material impact and is not reasonably likely to have a material impact, on the company, including the its financial condition and results of operations.
ENGlobal added that it is working with cybersecurity experts to strengthen its surveillance of cyber threats and prevent future unauthorized access to its systems.
The company provides automation and control systems primarily for energy sector clients and US government agencies, including the Department of Defense and the Department of Energy.
Rising Cyber Threats Facing Critical Infrastructure
ENGlobal first notified the SEC of the attack on December 2, revealing that a threat actor illegally accessed its IT system and encrypted some of its data files, suggesting the incident is ransomware related.
There is currently no indication of which group was behind the attack.
The incident highlights growing cyber threats to critical infrastructure organizations.
Threat actors frequently compromise third party suppliers to target these organizations. A report by SecurityScorecard and KPMG in October 2024 found that 45% of security breaches hitting this industry in the past year were third-party related.
In November 2024, energy services supplier Halliburton revealed that a ransomware breach cost the firm $35m.
