<
p style=”text-align: justify;”>ENGlobal Corporation, a prominent contractor in the energy sector, has disclosed that a ransomware attack in November 2024 led to the exposure of sensitive personal data. The incident, which occurred on November 25, forced the company to take certain systems offline as a containment measure, limiting access to only critical business processes.
Details of the Attack and Response
In early December, ENGlobal reported the incident to the U.S. Securities and Exchange Commission (SEC), stating that some data on its systems had been encrypted during the attack. However, at the time, the company did not confirm whether any data had been stolen. In a subsequent regulatory filing, ENGlobal revealed that the attackers had indeed accessed sensitive personal information stored on its systems, though it did not provide specific details about the nature or scope of the breach.
“The cybersecurity incident involved the threat actor’s access to a portion of the company’s IT system that contained sensitive personal information. The company intends to provide notifications to affected and potentially affected parties and applicable regulatory agencies as required by federal and state law,” ENGlobal stated.
ENGlobal assured stakeholders that the threat actor had been removed from its network and that all systems had been fully restored. The company also confirmed that its business operations and functions have resumed as usual. However, the attack significantly disrupt
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.