What Happened in the Murex Petroleum Data Breach?
Murex Petroleum Corporation, a privately held oil and gas exploration and production company based in Houston, discovered a significant data breach affecting its computer network. The company identified the intrusion on Jan. 7, 2026. However, the unauthorized access to its systems actually occurred much earlier, on or about May 27, 2025.
The Akira ransomware group later claimed responsibility for the attack. On June 30, 2025, the group posted on the dark web that it had stolen roughly 25 GB of data from Murex Petroleum. This means the attackers had access to company systems for several months before the breach became public knowledge.
After learning of the incident, Murex Petroleum secured its network and launched a forensic investigation with outside cybersecurity experts. As a result of that review, the company determined that files containing personal information had indeed been accessed or removed by the intruders. This confirmation prompted formal notification to state regulators and affected individuals.
The Murex Petroleum data breach was then reported to attorneys general offices in Maine, New Hampshire, and Vermont, along with the Massachusetts Office of Consumer Affairs and Business Regulation. These filings, submitted on Jan. 28, 2026, gave the public its first official confirmation of the scope of the incident.
Who was affected?
The breach appears to primarily affect current or former employees of Murex Petroleum, based on the type of personal data involved. Confidential corporate documents and employee records were among the files the ransomware group claims to have stolen.
At this time, the exact number of affected individuals nationwide hasn’t been publicly disclosed. Regulatory filings confirm at least one resident each in Maine, Massachusetts, and New Hampshire was impacted, though the true scope is likely larger given the company’s nationwide operations.
Because the exposed data reportedly includes dates of birth and scanned identity documents, it’s possible that dependents or family members listed on certain records could also be affected. So far, however, the confirmed exposure centers on individual employee information rather than customer data.
What Information Was Potentially Exposed?
The Akira ransomware group claims a broad range of sensitive information was taken during the attack. Murex Petroleum has confirmed a smaller subset of that data as verified exposed information.
According to the ransomware group’s claims and the company’s own confirmation, the following data types may have been involved:
- Social Security numbers
- Names
- Tax identification numbers
- Dates of birth
- Home addresses
- Scanned passports
- Scanned Social Security cards
- Scanned driver’s licenses
- Detailed financial records
- Non-disclosure agreements and other corporate documents
Of these, Murex Petroleum has officially confirmed that Social Security numbers, names, and tax identification numbers were exposed. This means the remaining categories claimed by the attackers haven’t been independently verified by the company as of this writing.
Even so, exposure of Social Security numbers alone creates serious risk. Criminals can use this information to open new credit accounts, file fraudulent tax returns, or apply for loans in a victim’s name. Because tax identification numbers were also exposed, affected individuals may face an elevated risk of tax-related fraud during filing season.
If the additional claimed data, such as scanned identity documents and financial records, is ultimately confirmed, the risk profile could expand further. For example, stolen passport or driver’s license scans can enable someone to create convincing fake identification. As a result, affected individuals should treat all data types named by the ransomware group as a potential risk, not just the confirmed ones.
What is the company doing?
Once Murex Petroleum discovered the incident, it moved to secure its network and bring in external cybersecurity professionals. This investigation allowed the company to determine which files had been accessed or removed by the intruders.
After confirming the scope of the exposure, Murex Petroleum began sending written notice to affected individuals starting Jan. 27, 2026. In addition, the company reported the breach to relevant state authorities, including the attorneys general of Maine, New Hampshire, and Vermont, as well as Massachusetts regulators.
To help affected individuals protect themselves, Murex Petroleum is offering complimentary credit monitoring and identity theft protection services through Kroll. These services include single-bureau credit monitoring, fraud consultation, and identity theft restoration support. Enrollment instructions were included in the written notice sent to consumers.
What Should Affected Individuals Do?
Enroll in Credit Monitoring and Identity Protection Services
Anyone who received a notice from Murex Petroleum should sign up for the free Kroll credit monitoring and identity theft protection services. Because this offer is complimentary, there’s no reason to skip it.
These services can alert you quickly if someone tries to open new accounts or lines of credit in your name. In addition, the fraud consultation and restoration support can prove valuable if you ever need help disputing fraudulent charges or resolving identity theft cases.
Place a Fraud Alert or Credit Freeze
Given that Social Security numbers and tax identification numbers were confirmed exposed, affected individuals should strongly consider placing a fraud alert or security freeze on their credit files. This step makes it much harder for criminals to open new credit accounts using your stolen information.
You can request a free security freeze from each of the three major credit bureaus: Equifax, Experian, and TransUnion. A fraud alert, meanwhile, requires creditors to verify your identity before extending new credit. Because both options are free, there’s little downside to using one or both.
Monitor Financial Accounts and Credit Reports
Affected individuals should regularly review bank and credit card statements for any unfamiliar charges. Similarly, checking your credit reports for accounts you didn’t open can help you catch identity theft early.
You’re entitled to a free credit report every year from each major bureau. As a result, spacing out your requests throughout the year lets you monitor your credit more consistently. If you notice anything suspicious, report it right away to your financial institution and the credit bureau involved.
Stay Alert for Phishing Attempts
Because stolen personal data is often used to craft convincing scam emails or phone calls, affected individuals should be cautious of unexpected messages requesting personal or financial information. Scammers may pose as Murex Petroleum, a bank, or a government agency.
Never click links or provide personal details in response to unsolicited messages. Instead, verify any request by contacting the organization directly using a phone number or website you know is legitimate. This simple habit can prevent a phishing attempt from turning into a real financial loss.
Report Suspicious Activity to Authorities
If you notice signs of identity theft or fraud, report it promptly to local law enforcement and the Federal Trade Commission. Filing a report creates an official record that can help you dispute fraudulent accounts later.
You can also file a complaint with your state attorney general’s office, since several states have already opened inquiries into this breach. In addition, consulting a data breach attorney can help you understand whether you may be eligible for compensation related to this incident.
More Information
Official Notice from Murexpetroleum
Official Data Breach Notification Letter (PDF)
