French multinational integrated energy and petroleum company TotalEnergies said it has found no evidence of a data breach after reports that personal information linked to employees had appeared on a cybercrime forum. The company said it has investigated the matter and that its systems do not show any compromise affecting employee or customer data.
The alleged data appeared on an online forum for cybercrime, with posts claiming that a dataset containing personal details had been taken from TotalEnergies systems. The nature and source of the information were not clear, and the company said it had not identified any intrusion or leakage through its internal investigation.
TotalEnergies said it has stringent security measures in place to protect its information systems and that its review did not reveal any signs of unauthorised access. The company said it is continuing to monitor its networks for unusual activity and is working with relevant authorities as part of normal security processes.
The company did not confirm the authenticity of the material posted online or whether the data was linked to any known breach of its systems. TotalEnergies emphasised that, based on its investigation, there is no indication that internal infrastructure was compromised or that employee information was accessed by attackers.
Cybersecurity specialists often caution that claims made on cybercrime forums can involve previously exposed or publicly available material rather than newly stolen data. TotalEnergies said it will assess any credible information and take appropriate steps if necessary, but at this stage has not found evidence supporting the allegations.
The energy company said it remains committed to safeguarding personal and corporate data and to following best practices for cybersecurity. TotalEnergies did not provide details on the specific type of information alleged to have been exposed or on how many records were claimed to be involved.
TotalEnergies said it will update stakeholders if its investigation yields further findings. The company advised employees and partners to remain vigilant and follow standard guidance on account security, including monitoring for phishing attempts and unusual login activity.