A hacker group has issued an ultimatum after claiming to have stolen 90 GB of Petrobras data by breaking into the systems of SA Exploration, a company that provides seismic research services. The case has raised concerns about weaknesses in the security chain and has put pressure on the state-owned company to respond quickly. Although Petrobras says the exposure was limited, the incident has drawn major attention because it involves information linked to one of the most strategic areas of the oil sector.
Hackers Issue Ultimatum After Supplier Breach
The hacker group, known as Everest, claims the attack allowed them to extract two large data packages. One package reportedly contains around 90 GB of data related to Petrobras, while the other includes 176 GB of data from SA Exploration. The group says the materials include descriptions, screenshots, and technical information that would prove the intrusion.
The hackers published an ultimatum on the dark web, demanding that Petrobras make contact before they release the files. Their strategy aims to increase pressure by highlighting that the breach affects data used in exploration work, even though the main Petrobras systems were not attacked.
In a statement, Petrobras described the episode as a “one-off exposure.” The company said there was no direct intrusion into its central infrastructure and that only specific information linked to the supplier was affected. Petrobras also stated that it follows cybersecurity protocols and is working to protect its operations. Even so, the event gained attention because the exposed materials are tied to seismic information used to guide exploration activities.
Supplier Failure Reveals a Weak Point in the Security Chain
The case shows how a supplier’s vulnerability can expose sensitive data from a major company. The hackers did not enter Petrobras’ main network but instead used SA Exploration as an indirect path. Because suppliers often have access to important materials, a breach in one partner can affect many companies connected to it.
This type of situation has become common in sectors such as oil and gas, energy, telecommunications, and finance. The more companies depend on digital systems, the more exposed they become. When a supplier is attacked, the consequences can include contract reviews, requests for stronger protection measures, delays in projects involving confidential data, and increased spending on audits and security tools.
In this case, the concern is higher because the materials may include seismic studies, geological mapping, and technical reports that help companies make exploration decisions. Understanding geological structures or potential reserves can influence investments, auction strategies, and the behavior of competitors.
Ransomware attack hits Svenska kraftnät; 280 GB of data reportedly stolen
Sensitive Data Highlights the Sector’s Cyber Risks
The oil and gas sector is often targeted by cybercriminals because it involves valuable data, critical operations, and high economic impact. Criminals may aim to steal information for industrial espionage, demand ransom in exchange for not leaking data, or interfere with systems. As companies adopt more digital tools, including sensors, monitoring networks, and data platforms, the attack surface becomes larger.
The case involving Petrobras and SA Exploration reinforces the need for strong control over the entire information chain. Companies typically work to evaluate the cybersecurity of suppliers, require minimum protection standards, limit the amount of sensitive data stored outside internal systems, and maintain incident-response plans.
While Petrobras continues to classify the exposure as limited, the hackers’ ultimatum has already created concern in the market. The possibility that strategic materials related to exploration may have been accessed highlights how important it is to protect every step of the data path, from service providers to operational systems.
