The hacker group asserts that they were able to obtain and release confidential information and reports related to Murphy Oil employees, including details like their email addresses, names, departments, and vehicle information.
SiegedSec hacked Murphy Oil Corporation in March and sent a ransom note after the company declared a dividend. A cyber incident occurred on April 16th, but the company says it didn’t impact their operations or cybersecurity controls.
Previously, SiegedSec targeted Atlassian and exposed confidential data, but Atlassian disputed the number of affected employees.
What is Known About Cyber Attack
SiegedSec, a cyber criminal group, has claimed responsibility for breaching the computer system of Murphy Oil Corporation, a US-based company valued at $6 billion. The hackers uploaded confidential employee information, such as email addresses, names, and vehicle details, on a file-sharing website.
This breach could lead to phishing attacks or identity theft, causing harm to the affected employees. The timing of the attack is suspicious, given Murphy Oil’s recent positive financial rating from Truist. Businesses should prioritize cybersecurity measures to prevent unauthorized access and data breaches to protect sensitive employee data.
Investors are placing greater emphasis on environmental, social, and governance (ESG) practices, as noted in a recent report. The report also emphasizes the commitment of the company to ESG principles.
How Hackers Manage to Crack Cyber Security
SiegedSec is a skilled and notorious hacking group known for their use of social engineering, phishing, and malicious software to infiltrate computer systems, according to cybersecurity firm DarkOwl.
Although the group is renowned for providing high-quality data, experts and legal professionals strongly discourage paying ransom demands, as it is illegal and does not guarantee the safe return of stolen data or prevent future attacks.
Prioritizing cybersecurity measures is crucial to prevent data breaches and unauthorized access. This includes investing in strong security software and conducting regular security audits to identify and address vulnerabilities. Paying ransom is not advised as criminals cannot be trusted to keep the incident confidential, and it is illegal in the US and EU.
Governments support this stance and refuse to pay ransomware, with the EU expanding the NIS Directive to penalize payments. While some may justify paying to restore critical services, preventing successful hacking attempts should be the priority.