Englobal Cyberattack: Sensitive Personal Data Accessed

ENGlobal Confirms Data Breach Following November 2024 Cyberattack

Engineering firm ENGlobal has acknowledged that unauthorized access to its systems occurred in November 2024, resulting in the compromise of “sensitive personal information.”

Incident Details and Impact

ENGlobal, a provider of engineering and automation services to both governmental entities and organizations managing critical infrastructure, disclosed in a recent 8-K filing with the U.S. securities regulator that data files were subsequently “encrypted” by the attackers. This suggests a potential ransomware incident.

The company reported that several of its core business applications, notably those used for financial reporting, were rendered unavailable for approximately six weeks.

Scope of the Breach

Currently, ENGlobal has not specified the number of individuals impacted by the data breach, nor has it detailed the specific categories of data that were accessed. However, the company stated that notifications will be sent to all affected parties.

Requests for further clarification from TechCrunch were not immediately answered by ENGlobal representatives.

Recovery and Current Status

According to its updated filing, ENGlobal asserts that its operations have been “fully restored” in the wake of the cyberattack. The company believes the threat actor responsible for the intrusion no longer maintains access to its IT infrastructure.

The identity of the threat actor remains undisclosed at this time.

Key Takeaways

• Data Compromise: Sensitive personal information was accessed.
• Ransomware Suspected: Data encryption points to a possible ransomware attack.
• Operational Disruption: Business applications were offline for around six weeks.
• Recovery Claimed: ENGlobal states operations are now fully restored.