Ecopetrol cyber breach hits 3,300 accounts amid CEO exit crisis
A blocked ransomware attack on Ecopetrol still resulted in the theft of data from 3,300 accounts, compounding financial risk during a politically charged leadership handover.
Ecopetrol disclosed on 17 July that an unidentified external actor accessed its cloud file-storage environments and downloaded data tied to roughly 3,300 user accounts. The breach spanned approximately 15 entities within the Ecopetrol Group. While the company’s cybersecurity controls successfully prevented the ransomware from encrypting systems, the attacker has issued extortion demands threatening to publish the extracted information.
Critical operations and production capacity remain uninterrupted, and Ecopetrol has engaged insurers and capital markets teams to manage the fallout. However, the state-controlled oil producer warned it cannot guarantee the incident will not ultimately have a material adverse effect on its financial condition. The precise sensitivity of the compromised data—which could include proprietary, restricted, or personal information—remains under forensic assessment.
The breach arrives at a precarious moment for the company’s governance. Chief executive Ricardo Roa Barragán is scheduled to return from a months-long medical and unpaid leave on 29 July, present a final management report, and step down before 7 August. His departure will coincide with the assumption of President-elect Abelardo De La Espriella, who is expected to call an extraordinary shareholders’ assembly to restructure the board.
Roa’s exit follows a turbulent tenure. He faces formal charges of influence peddling filed in March over the steering of a gas regasification contract at subsidiary Hocol, and his management of President Gustavo Petro’s 2022 campaign resulted in a finding that spending limits were exceeded by roughly 5.3 billion Colombian pesos. A board dominated by Petro allies previously voted to retain him despite union strike threats.
For investors, the dual crisis underscores the fragile intersection of cybersecurity and political interference at Latin American state energy firms. Ecopetrol generates between 12 and 15 percent of Colombia’s tax income, meaning any escalation—particularly the actual publication of the stolen files—carries national fiscal consequences. Market participants will now look to the incoming administration to gauge future cybersecurity investment and board independence.