Chevron is the first US company to admit its was infected by Stuxnet.
General manager of the company's earth sciences department Mark Koelmel told the Wall Street Journal the infamous malware was discovered on its networks in 2010.
“I don't think the US Government even realised how far it spread,” Koelmel said.
Stuxnet ran rampant, destroying centrifuges used in Iran's uranium enrichment program. It was designed to target Siemens supervisory control and data acquisition systems which manage and monitor critical industrial processes.
The New York Times claimed the worm was a creation of the US Government.
Because of Stuxnet's history, it is believed that Chevron's encounter with the worm was accidental – a case of the sophisticated malware running loose beyond its intended targets.
A Chevron spokeswoman told the Wall Street Journal CIO Journal it was undamaged by Stuxnet.
Seculert chief technology officer Aviv Raff said it was likely that other US companies were infected by Stuxnet.
“I do think there are other companies that are keeping quiet and this is normal behaviour,” Raff said.
He added that a company the size of Chevron would be a “reasonable” mistake given its operations, which fit the category of the malware's destructive aims.