STOCK TITAN

Ecopetrol Reports Cybersecurity Incident

(Neutral)
(Negative)
Tags

Ecopetrol (NYSE: EC) reported a cybersecurity incident involving unauthorized access to cloud-based file storage used by approximately 15 subsidiaries, including the parent company. Data linked to about 3,300 user accounts was unlawfully downloaded, and an unidentified external actor issued extortion demands, threatening public disclosure.

The company blocked an attempted ransomware attack and activated incident response protocols, including revoking access, blocking mass downloads, investigating attacker techniques, filing a criminal complaint in Colombia, and engaging insurers. Ecopetrol has not identified material disruption, direct financial impact, or data disclosure to date but warns the incident could still adversely affect its business or financial condition.

Loading...
Loading translation...

Positive

  • Attempted ransomware attack blocked by existing cybersecurity controls
  • No material disruption to critical operations or production identified as of report date
  • No direct financial impact preventing business continuity identified so far
  • No disclosure yet of information subject to unauthorized access

Negative

  • Unauthorized access affected cloud environments of about 15 subsidiaries
  • Data linked to approximately 3,300 user accounts was unlawfully downloaded
  • External actor issued extortion demands threatening public disclosure of extracted data
  • Company acknowledges potential material adverse effects on business and reputation

Market Context

The risk context categorized EC's short positioning as low. That platform datum adds limited short-p...
Analysis

The risk context categorized EC's short positioning as low. That platform datum adds limited short-positioning context to the cybersecurity disclosure; data exposure, remediation costs, regulatory compliance, and reputational effects remain the principal unresolved risks.

Key Figures

Affected subsidiaries: approximately 15 subsidiaries Affected user accounts: approximately 3,300 user accounts Employees: more than 19,000 employees +2 more
5 metrics
Affected subsidiaries approximately 15 subsidiaries Cloud-based file storage environments
Affected user accounts approximately 3,300 user accounts Data associated with unauthorized download
Employees more than 19,000 employees Company description
Hydrocarbon production share more than 60% Production in Colombia
ISA ownership 51.4% Ecopetrol's stake in ISA

Historical Context

5 past events · Latest: Jul 16 (Positive)
Pattern 5 events
Date Event Sentiment 24h Move Catalyst
Jul 16 CVM appeal decision Positive -1.1% CVM ruled in favor of Ecopetrol's Brazilian subsidiary on the tender-offer appeal.
Jul 15 Results date announcement Neutral -1.1% Ecopetrol scheduled its second-quarter 2026 results release and conference call.
Jul 01 FEPC payment received Positive +1.5% Government paid approximately COP 1 trillion owed for the second quarter of 2025.
Jun 17 Credit rating affirmed Positive -0.8% S&P affirmed Ecopetrol's BB- rating with a stable outlook.
Jun 15 Labor agreement reached Positive -5.4% Ecopetrol reached a final six-year collective bargaining agreement with USO.

24h Move is the share-price change in the day after each event; other market factors may also have contributed.

Pattern Detected

Historical reactions were mixed: positive developments were followed by both gains and declines, while the labor agreement preceded a 5.37% decline.

Key Terms

ransomware, cloud-based file storage, incident response
3 terms
ransomware technical
"attempted ransomware attack that was blocked"
Ransomware is malicious software that locks or encrypts a company’s computer files and systems, then demands payment for their release — like a thief changing the locks on a business and asking for a ransom. It matters to investors because attacks can halt operations, trigger large cleanup costs, damage customer trust, lead to regulatory fines or legal claims, and reduce future revenue, all of which can hurt a company’s financial value.
cloud-based file storage technical
"affected cloud-based file storage environments"
A remote service that stores and manages digital files on internet-connected servers instead of on a local computer or office drive, letting users upload, access, share and back up documents, images and databases from anywhere. Investors watch it because it affects recurring revenue, operating costs and data security exposure for companies — like renting scalable warehouse space for information rather than owning a single storage room.
incident response technical
"activated its incident response and management protocols"
Incident response is the organized process a company uses to detect, investigate, contain and recover from a security breach, data loss, operational outage or other urgent problem. For investors, it shows how quickly a firm can limit financial and reputational damage, restore normal operations and meet legal or disclosure duties — like an emergency crew that protects a building’s value and occupants when a fire breaks out.

AI-generated analysis. How Rhea-AI works. Not financial advice.

See more from StockTitan in Google Search and AI answers. Adds StockTitan as a preferred source · opens Google
Add on Google

BOGOTA, Colombia, July 17, 2026 /PRNewswire/ -- Ecopetrol S.A. (BVC: ECOPETROL; NYSE: EC) (the "Company") announced that it has identified an unauthorized access to certain digital resources owned by the Company and its subsidiaries by an external actor who has not been identified, as well as an attempted ransomware attack that was blocked by the cybersecurity controls implemented across the Company and its subsidiaries. The unauthorized access affected cloud-based file storage environments of approximately 15 subsidiaries (including the Company), resulting in the unauthorized download of data associated with approximately 3,300 user accounts. The external actor communicated extortion demands, threatening to publicly disclose the information that had been unlawfully extracted.

In response to this incident, the Company initiated an investigation and activated its incident response and management protocols. In addition, the Company deployed the following measures aimed at preventing the public disclosure of the unlawfully extracted information, addressing supervisory actions and/or potential financial costs associated with investigation, remediation, and regulatory compliance, as follows:

a. Immediate revocation of unauthorized access to the compromised digital assets.
b. Blocking of mechanisms associated with the mass download of information.
c. Identification, analysis, and containment of the tactics, techniques, and procedures (TTPs) used by the malicious actor.
d. Filing of a criminal complaint before the Office of the Attorney General of Colombia and deployment of cooperation activities with specialized national authorities.
e. Identification of external infrastructures used for the storage or download of information to pursue restriction or blocking actions.
f. Activation of support mechanisms with insurers and specialized capital markets teams to ensure the proper management of the event.
g. Detailed assessment of the downloaded information and determination of its criticality.
h. Enhanced monitoring of the technology infrastructure under critical alert protocols and continuous validation of preventive and detective controls.

As of the date of this report, the Company has not identified any material disruption to its critical operations, production capacity, or essential services; any direct financial impact that would prevent it from continuing to conduct its business activities; or any disclosure of the information subject to the unauthorized access. However, the Company continues to assess the potential exposure of corporate information, which could include confidential, restricted, proprietary, or personal data, as it cannot guarantee that this incident will not have a material adverse effect on the Company's business, reputation, operating results, or financial condition.

Ecopetrol S.A. will continue to monitor developments related to this matter and, should any material facts or information requiring disclosure to the market be identified, will promptly disclose such information in accordance with applicable laws and regulations.

Ecopetrol is the largest company in Colombia and one of the main integrated energy companies in the American continent, with more than 19,000 employees. In Colombia, it is responsible for more than 60% of the hydrocarbon production of most transportation, logistics, and hydrocarbon refining systems, and it holds leading positions in the petrochemicals and gas distribution segments. With the acquisition of 51.4% of ISA's shares, the company participates in energy transmission, the management of real-time systems (XM), and the Barranquilla - Cartagena coastal highway concession. At the international level, Ecopetrol has a stake in strategic basins in the American continent, with Drilling and Exploration operations in the United States (Permian basin and the Gulf of Mexico), Brazil, and Mexico, and, through ISA and its subsidiaries, Ecopetrol holds leading positions in the power transmission business in Brazil, Chile, Peru, and Bolivia, road concessions in Chile, and the telecommunications sector. 

This release contains statements that may be considered forward-looking statements within the meaning of Section 27A of the U.S. Securities Act of 1933, as amended, and Section 21E of the U.S. Securities Exchange Act of 1934, as amended. All forward-looking statements, whether made in this release or in future filings or press releases, or orally, address matters that involve risks and uncertainties, including in respect of the Company's prospects for growth and its ongoing access to capital to fund the Company's business plan, among others. Consequently, changes in the following factors, among others, could cause actual results to differ materially from those included in the forward-looking statements: market prices of oil & gas, our exploration, and production activities, market conditions, applicable regulations, the exchange rate, the Company's competitiveness and the performance of Colombia's economy and industry, to mention a few. We do not intend and do not assume any obligation to update these forward-looking statements.

For more information, please contact:

Investor Relations Office
Email: investors@ecopetrol.com.co  

Head of Corporate Communications (Colombia) 
Marcela Ulloa 
Email: marcela.ulloa@ecopetrol.com.co 

Cision View original content to download multimedia:https://www.prnewswire.com/news-releases/ecopetrol-reports-cybersecurity-incident-302828952.html

SOURCE Ecopetrol S.A.

FAQ

What cybersecurity incident did Ecopetrol (NYSE: EC) report on July 17, 2026?

Ecopetrol reported unauthorized access to certain cloud-based file storage and an attempted ransomware attack. According to Ecopetrol, an unidentified external actor downloaded data from about 3,300 user accounts and issued extortion demands threatening public disclosure of the unlawfully extracted information.

How many Ecopetrol subsidiaries and user accounts were affected in the July 2026 cyber incident?

According to Ecopetrol, cloud-based file storage used by approximately 15 subsidiaries, including the parent company, was affected. The unauthorized access led to the unlawful download of data associated with around 3,300 user accounts, which is now under detailed assessment for criticality and sensitivity.

Did the Ecopetrol (EC) cyberattack cause operational or financial disruption?

As of the report date, Ecopetrol has not identified material disruption to critical operations, production capacity, or essential services. According to Ecopetrol, it has also not detected any direct financial impact that would prevent ongoing business activities, though assessments are continuing.

How is Ecopetrol responding to the July 2026 cybersecurity breach and extortion attempt?

Ecopetrol activated incident response protocols, revoked unauthorized access, blocked mass download mechanisms, and enhanced monitoring. According to Ecopetrol, it also filed a criminal complaint in Colombia, is cooperating with authorities, engaging insurers, and assessing the downloaded information’s criticality and potential regulatory implications.

Could the July 2026 Ecopetrol cybersecurity incident materially affect EC shareholders?

Ecopetrol warns it cannot guarantee the incident will not have a material adverse effect. According to Ecopetrol, potential impacts could involve its business, reputation, operating results, or financial condition, depending on the nature of exposed information and any subsequent regulatory or remediation costs.

Has any stolen Ecopetrol data been publicly disclosed after the July 2026 breach?

As of the date of the announcement, Ecopetrol reported no disclosure of information subject to the unauthorized access. According to Ecopetrol, the company continues monitoring for any leak while working to prevent public disclosure and evaluating potential exposure of confidential or personal data.