Saudi Aramco, the world’s largest oil producer, has confirmed a key data leak incident via a contractor — after the files were used in a $50 million cyber-extortion attempt.
Aramco acknowledged the leak, saying it “recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors”.
The incident highlights how state-owned giants are vulnerable to cybersecurity threats, despite having robust digital security systems.
The company said in an email to Upstream on Thursday that “the release of data was not due to a breach” of its systems, and “has no impact” on its operations.
Aramco added that it “continues to maintain a robust cybersecurity posture”.
However, it did not disclose the name of the contractor involved or explain how the data were compromised.
Aramco, which has oil production capacity of about 12 million barrels per day, operates some of the largest oilfields in the world and works with hundreds of contractors to carry out its operations.
Several leading international engineering, procurement and construction giants are working with Aramco on some of its incremental megaprojects involving the Marjan, Berri and Zuluf offshore oilfields.
In addition, scores of contractors are involved with its multiple long-term agreements for all of Saudi Arabia’s brownfield and maintenance work at onshore and offshore fields.
A page accessed by the Associated Press on the darknet — a part of the internet hosted within an encrypted network and accessible only through specialised anonymity-providing tools — claimed the extortionist held one terabyte of Aramco data, news reports claimed. A terabyte is equivalent to 1,000 gigabytes.
The hacker is believed to have obtained information on the location of oil refineries, as well as payroll files and confidential client and employee data, the Financial Times reported.
The page said Aramco could have the data deleted in exchange for $50 million in the Monero cryptocurrency, while also offering prospective buyers a chance to purchase the Aramco data for about $5 million, news reports claimed.
Some cryptocurrency transactions might not be traced, luring some cyber hackers to demand ransom through cryptocurrencies.
Previous data and security breaches
This is not the first time Aramco has been targeted through a security or data breach.
Two years back, its Abqaiq processing facility in the east of the country was hit by a series of missile and drone strikes that the US blamed on Iran.
In 2012, an alleged cyber-attack also blamed on Iran, erased data on about three-quarters of Saudi Aramco's computers, according to reports at the time, including files, spreadsheets and emails, the Financial Times reported.
In 2017, another virus swept across Saudi Arabia, disrupting computers at Sadara, a joint venture between Aramco and Dow Chemical Co, reports stated.