Ecopetrol Faces Extortion Threat After Data Linked to 3,300 Accounts Is Stolen

Author: Qoo Media

Ecopetrol is assessing a cyberattack that resulted in the theft of data linked to about 3,300 user accounts. The attackers have also made an extortion demand and threatened to publish the information obtained in the breach.

The incident carries wider significance because Ecopetrol is Colombia’s largest company and one of Latin America’s largest energy producers. It accounts for more than 60% of Colombia’s hydrocarbon production, placing its systems under close scrutiny after the intrusion.

As of Friday, July 17, 2026, Ecopetrol said it had found no critical disruption to its operations or production capacity. The company had also identified no direct financial impact from the cyberattack at that point.

Incident Area Reported Status
User accounts About 3,300 accounts linked to stolen data
Cloud systems File-storage environments at 15 subsidiaries affected
Operations No critical disruption identified
Ransomware attempt Reportedly prevented by Ecopetrol

Data Exposure Remains Under Review

The company said the breach affected cloud-based file-storage environments across 15 subsidiaries, including Ecopetrol itself. That scope means the incident extends beyond a single platform or business unit.

Potentially affected information includes confidential material, company information, and personal data. Ecopetrol has not disclosed the specific types of data stolen or identified the people whose accounts were connected to the breach.

Ecopetrol said it prevented a ransomware attack during the incident. However, it is continuing to review whether data may have been exposed through the access already obtained by the attackers.

Publication Threat Raises Broader Risks

CNBC Indonesia, citing Reuters, reported that the stolen data had not been published as of Saturday, July 18, 2026. The threat of disclosure nevertheless remains a central concern for the company.

Ecopetrol has warned that the incident could still result in material harm in the future. The potential effects under consideration include its business, reputation, operational results, and financial condition.

The combination of data theft and a publication threat can turn a systems-security event into a broader trust issue. Ecopetrol has not yet identified the party responsible for the attack, and details of the extortion demand were not disclosed.

No Reported Impact on Hydrocarbon Output

Despite the breach, Ecopetrol has not reported a direct impact on Colombia’s hydrocarbon production. This is important given the company’s role in the country’s energy sector and the scale of its output.

The company is continuing its assessment to establish the extent of the data exposure and any follow-on consequences. Its latest update does not rule out future losses, even though no critical operational interruption has been found so far.

Source: www.cnbcindonesia.com
Latest