Saudi Aramco, the world's largest oil-exporting company, confirmed on Wednesday that there was an “indirect release” of some of its data from contractors and is not the result of a cyber attack of its systems.
Aramco said the leak did not affect the company’s operations and its security infrastructure is intact.
“Aramco recently became aware of the indirect release of a limited amount of company data, which was held by third-party contractors,” Aramco said in a statement to The National.
“We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cyber-security posture."
Aramco did not disclose the name of the third-party contractors from where data was leaked.
In 2017, Saudi Arabia, Opec's biggest producer, established the National Cybersecurity Authority (NCA) to combat cyber threats.
In the Middle East, companies such as Saudi Aramco, the world's largest exporter of oil, are enforcing stricter compliance on third-party vendors to ensure their facilities are protected against cyber attacks, that could impact the supply of oil globally.
Suppliers including general vendors and those specialising in outsourced infrastructure, customised software, network connectivity, and critical data processors need to obtain Saudi Aramco's cyber security standard certification.
The financial fallout from cyber attacks in the Arabian Gulf in 2017 was estimated at more than $1 billion, according to 2018 report by Siemens.
Three quarters of regional oil and gas companies, or more than 30 per cent of global oil production, has experienced some form of cyber-security breach in the past, UAE-based company DarkMatter said.
In 2012, the Shamoon virus attack target Saudi Aramco systems and wiped the hard drives of about 30,000 computers. The attacks were blamed on Iran, which denied responsibility.
In 2017, a petrochemical project joint venture between Saudi Aramco and Dow Chemical also experienced a spate of hacking attacks.