Editor’s Note (Updated: Dec. 19, 2025): This story was updated today with additional details from ENGlobal’s amended SEC filing, including the duration of disruption and the company’s notification plans related to sensitive personal information.
- Linked ENGlobal’s initial disclosure in its Dec. 2, 2024 Form 8-K filing.
- Linked ENGlobal’s Jan. 27, 2025 amended Form 8-K/A describing the roughly six-week disruption and restoration.
- Linked ENGlobal’s Chapter 11 disclosure in a March 2025 SEC filing.
- Linked Gulf Island Fabrication’s disclosure of the ENGlobal asset purchases in a June 2025 SEC filing.
ENGlobal, a Houston-based engineering and automation contractor, said a cyberattack discovered in November 2024 encrypted some files and limited access to business systems for about six weeks before operations were restored.
The company said in a Dec. 2, 2024 Form 8-K filing that it became aware of a “cybersecurity incident” on Nov. 25, 2024, and that its preliminary investigation found a threat actor illegally accessed its IT system and encrypted some data files.
ENGlobal said it restricted access while it worked to contain and remediate the incident, leaving only “essential business operations” available, and that it did not yet know when full access would be restored or whether the incident would materially affect financial results.
In a Jan. 27, 2025 amended Form 8-K/A, ENGlobal said the incident limited access to portions of business applications supporting operations and corporate functions, including financial and operating reporting systems, for approximately six weeks. The company said operations and corporate functions had been fully restored and it believed the threat actor no longer had access to its IT system.
The amended filing said the intruder accessed part of ENGlobal’s IT system containing “sensitive personal information” and that the company intended to notify affected people and regulators as required by law. The filing did not specify how many people might be affected or what categories of personal information were involved.
ENGlobal did not publicly identify the malware used. Several cybersecurity and tech outlets described the incident as ransomware in coverage of the amended filing, including TechCrunch and The Record, which also reported no ransomware group publicly took credit at the time.
The incident hit a sector that has seen repeated cyber disruptions in recent years, with engineering and industrial services firms often targeted because they support energy and government work.
ENGlobal later sought Chapter 11 bankruptcy protection, according to a March 2025 SEC filing.
Gulf Island Fabrication subsequently disclosed it acquired ENGlobal’s automation business effective May 12, 2025 and its engineering and government services businesses effective June 16, 2025 through the bankruptcy process, according to a June 2025 SEC filing.
