Colonial Pipeline Admits Ransomware Attack Stole Personal Data

Three months after US east coast fuel supplies were crippled in a ransomware attack, Colonial Pipeline has admitted personal data was also stolen.

Speaking to CNN, a company spokesperson confirmed that the ransomware attack in May had compromised the personal information of nearly 6,000 individuals.

The problem began on Friday 7 May this year, when a major pipeline (Colonial Pipeline) in the United States was attacked by DarkSide, which resulted in widespread fuel shortages on the US east coast.

Pipeline attack

Indeed, so serious was the attack that the US government engaged emergency powers and US President Joe Biden received “personal briefings” about the cyberattack.

The attack also brought ransomware into the public light, and the issue dominated the face-to-face meeting in June between Biden and Russia’s President Vladimir Putin.

And to make matters worse, the management of Colonial Pipeline paid the DarkSide hackers to restore its systems.

The CEO, Joseph Blount, authorised a ransom payment of $4.4 million (75 Bitcoin).

He said the ransom payment had been authorised because executives were unsure how badly the cyberattack had breached the company's systems and, consequently, how long it would take to bring the pipeline back.

Security researchers at London-based Elliptic subsequently identified the Bitcoin digital wallet used by DarkSide to extract ransoms from their victims.

And in June the US DoJ seized 63.7 bitcoins in a ransom recovery.

Stolen data

Besides crippling IT systems at Colonial Pipeline in May, the DarkSide hackers also reportedly stole the personal data of thousands of people.

Bleeping Computer first reported that Colonial Pipeline was sending notification letters saying that it had “recently learned” that DarkSide operators were also able to collect and exfiltrate documents containing personal information of a total of 5,810 individuals during their attack.

The 5,810 people impacted are reportedly mostly current or former company staff and their family members, a Colonial Pipeline spokesperson told CNN.

The letter explains the hackers reportedly gained access to records including names; contact information; birth dates; social security, driver’s license and military ID numbers; and health insurance information – all of which can be used for future exploits.

“Though our pipeline system is now fully operational, we have been hard at work with third-party cybersecurity experts determining what, if any, personal information may have been affected as a result of the attack,” the company spokesperson told CNN.

“Based on this review, we learned that an unauthorised party acquired certain personal information in connection with the attack,” the spokesperson reportedly said.

“Colonial Pipeline sincerely appreciates the ongoing support and understanding from our dedicated employees and the public as we worked to thoroughly investigate this incident,” the spokesperson concluded.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
