Colonial Pipeline Admits Ransomware Attack Stole Personal Data


US pipeline operator confirms devastating ransomware attack in May also resulted in theft of personal information of nearly 6,000 people

Three months after US east coast fuel supplies were crippled in a ransomware attack, Colonial Pipeline has admitted personal data was also stolen.

Speaking to CNN, a company spokesperson confirmed that the ransomware attack in May had compromised the personal information of nearly 6,000 individuals.

The problem began on Friday 7 May this year, when a major pipeline in the United States, Colonial Pipeline, was attacked by DarkSide, resulting in widespread fuel shortages on the US east coast.

Pipeline attack

Indeed, so serious was the attack that the US government engaged emergency powers and US President Joe Biden received “personal briefings” about the cyberattack.

The attack also brought ransomware into the public light, and the issue dominated the face-to-face meeting in June between Biden and Russia’s President Vladimir Putin.

And to make matters worse, the management of Colonial Pipeline paid the DarkSide hackers to restore its systems.

The CEO, Joseph Blount, authorised a ransom payment of $4.4 million (75 Bitcoin).

He said he had authorised the ransom payment because executives were unsure how badly the cyberattack had breached the company’s systems and, consequently, how long it would take to bring the pipeline back.

Security researchers at London-based Elliptic subsequently identified the Bitcoin digital wallet used by DarkSide to extract ransoms from their victims.

And in June the US DoJ seized 63.7 bitcoins in a ransom recovery.

Stolen data

Besides crippling IT systems at Colonial Pipeline in May, the DarkSide hackers also reportedly stole the personal data of thousands of people.

Bleeping Computer first reported that Colonial Pipeline was sending notification letters stating that it had “recently learned” that DarkSide operators were also able to collect and exfiltrate documents containing the personal information of a total of 5,810 individuals during their attack.

The 5,810 people impacted are reportedly mostly current or former company staff and their family members, a Colonial Pipeline spokesperson told CNN.

The letter explains the hackers reportedly gained access to records including names; contact information; birth dates; social security, driver’s license and military ID numbers; and health insurance information – all of which can be used for future exploits.

“Though our pipeline system is now fully operational, we have been hard at work with third-party cybersecurity experts determining what, if any, personal information may have been affected as a result of the attack,” the company spokesperson told CNN.

“Based on this review, we learned that an unauthorised party acquired certain personal information in connection with the attack,” the spokesperson reportedly said.

“Colonial Pipeline sincerely appreciates the ongoing support and understanding from our dedicated employees and the public as we worked to thoroughly investigate this incident,” the spokesperson concluded.