Colonial Pipeline reports data breach surfaces after ransomware attack

The Colonial Pipeline, serving most of the Eastern United States with fuel and heating oil, confirmed to CNN Business that it had started sending out breach notification letters to 5,810 victims after recently learning that DarkSide operators were able to collect and exfiltrate documents containing personal information.

Those affected are thought to be current and former employees and family members. Compromised information is though to include names, birth dates, Social Security numbers, contact information, driver’s license details, military ID numbers, and health insurance information. 

“Though our pipeline system is now fully operational, we have been hard at work with third-party cybersecurity experts determining what, if any, personal information may have been affected as a result of the attack,” said a spokesperson to CNN. 

“Based on this review, we learned that an unauthorized party acquired certain personal information in connection with the attack.”

Darkside ransomware attack

In May, the DarkSide ransomware gang hit the networks of Colonial Pipeline prompting it to go offline and shut down its fuel distribution operations for several days. 

The company was paid $4.4 million worth of cryptocurrency to the gang for a decryptor. 

In an effort to prevent a repeat of the attack, The Transportation Security Administration, a DHS unit, will issue a security directive requiring pipeline companies to report cyber security incidents to federal authorities. 

Additionally, The Department of Homeland Security (DHS) issued a second security directive requiring owners and operators of critical pipelines transporting hazardous liquids and natural gas to implement measures against cyber intrusions.