Cyber Incident Victim: Parker Wellbore

On June 16, 2023, Parker Wellbore filed a notice of data breach with the Attorney General of Texas. The filing indicated the company had recently learned that hackers had gained access to confidential information entrusted to it. The discovery of the incident was not detailed, but it involved an unauthorized party obtaining access to sensitive consumer data. The specific method of the cyber intrusion was not disclosed, and it remained unclear whether the breach occurred on Parker Wellbore’s own computer network or on the systems of a third-party vendor it utilized.

Upon discovering that sensitive consumer data had been exposed to an unauthorized party, Parker Wellbore initiated a review of the affected files. This process was undertaken to determine the precise scope of the incident, including what specific types of information were compromised and which consumers were impacted by the event. The investigation confirmed that the unauthorized access had resulted in the leakage of personal information.

The compromised data varied from individual to individual but included a range of highly sensitive personal identifiers. The affected information encompassed consumers' names, Social Security numbers, and driver's license numbers. Government-issued identification numbers were also accessed. Financial information was exposed, including financial account details and credit or debit card numbers. Furthermore, the breach involved the unauthorized access of medical information, a particularly sensitive category of data.

Following the confirmation that consumer data had been leaked, Parker Wellbore commenced the process of notifying affected individuals. On June 16, 2023, the same day it filed notice with the Texas Attorney General, the company began sending out data breach notification letters to all individuals whose information was compromised as a result of the recent data security incident. These letters served to inform consumers that their personal data had been exposed and was now in the hands of an unauthorized party.

The public disclosure of the incident was initially made through the legal filing with the State of Texas. The company had not yet posted a notice of the incident on its official website at the time of the filing, making the information available on the Texas Attorney General’s “Data Security Breach Reports” page the primary source of early information. Consequently, the publicly available details regarding the breach were limited at the outset.

Parker Wellbore is a company founded in 1934 and is based in Houston, Texas. It operates within the utility and energy industry, providing support services to utility, oil, and gas companies. Its business activities include the operation and management of rig assets as well as the rental of equipment to businesses within the energy sector. The company employs more than 519 people and generates approximately $110 million in annual revenue. The data breach incident exposed the personal information of an undisclosed number of consumers who had entrusted their data to the company.

The direct impact of the incident was the significant increase in the risk of identity theft and other fraudulent activities for the affected individuals. The exposure of core personal identifiers such as Social Security numbers and financial information provides malicious actors with the necessary tools to commit various forms of financial fraud. The compromise of medical information further compounds the potential harm, posing risks related to medical identity theft and privacy violations. The company’s response actions were focused on the review of the breached data and the subsequent notification process as required by law.