U.S. engineering firm ENGlobal has confirmed that hackers accessed “sensitive personal information” from its systems during a November 2024 cyberattack.
ENGlobal, which provides engineering and automation services to the federal government and critical infrastructure organizations, said in an updated 8-K filing with the U.S. securities regulator on Monday that hackers subsequently “encrypted some of its data files,” implying the incident was related to ransomware. The company said some of its business applications — including financial reporting systems — were offline for about six weeks.
The Houston, Texas-based company hasn’t yet said how many individuals are affected by the breach or what types of data were accessed, but said it will notify those affected. ENGlobal did not immediately respond to TechCrunch’s questions.
In its updated filing, ENGlobal says that its operations have been “fully restored” following its cyberattack. The company says it believes the threat actor, who has not yet been named, no longer has access to its IT systems.
