Murex Petroleum Data Breach by Ransomware Group Exposes PII

On Jan. 7, 2026, Murex Petroleum Corporation, a privately held oil and gas exploration and production company based in Houston, discovered a significant data breach affecting its network.

The breach was first detected on May 27, 2025, when unauthorized access to the company’s systems occurred.

The Akira ransomware group took responsibility for the attack, stating on the dark web on June 30, 2025, that they had exfiltrated approximately 25 GB of data from Murex Petroleum Corp.

After the company determined that files containing personal information had been accessed or removed by the intruders, the incident was reported to the Maine Attorney General on Jan. 27, 2026, and to the Vermont Attorney General on Jan. 28, 2026.

The breach affected an undisclosed number of individuals nationwide, with one confirmed Maine resident impacted.

The official types of consumer information exposed were not detailed in the company’s filings; however, information published by the ransomware group claims the stolen data includes confidential documents, employee personally identifiable information (PII) such as Social Security numbers, dates of birth, addresses, scans of passports, Social Security cards, or driver’s licenses, as well as detailed financial records, non-disclosure agreements and other sensitive corporate documents.

Murex Petroleum Corporation's response

Upon discovering the incident, Murex Petroleum secured its network and launched a thorough investigation with the help of external cybersecurity professionals. The company reviewed the impacted data and, after confirming the exposure, began notifying affected individuals by written notice starting Jan. 27, 2026.

Murex Petroleum is offering complimentary credit monitoring and identity theft protection services through Kroll. Affected individuals are encouraged to enroll in these services, which include single-bureau credit monitoring, fraud consultation and identity theft restoration support. Instructions for enrollment and additional guidance have been provided in the written notice to consumers.

Given the nature of the breach and the involvement of ransomware, it is especially important for those affected to remain vigilant. Recommended steps include:

• Enrolling in the provided credit monitoring service
• Reviewing financial account statements and credit reports for suspicious activity
• Placing a fraud alert or security freeze on credit files with the major credit bureaus
• Requesting and reviewing a free credit report annually
• Reporting any suspicious activity to law enforcement and the Federal Trade Commission

The company has also provided resources and contact information for state and federal agencies to assist individuals in protecting their personal information.