Colonial Pipeline Confirmed Data Breach Months After The Ransomware Attack

Colonial Pipeline made the news after suffering a devastating cyberattack that disrupted fuel supply within the US. Now, months after the attack, Colonial Pipeline has confirmed the outage was due to a breach.

Colonial Pipeline Admitted Data Breach

In a recent notification, the US-based fuel supply project Colonial Pipeline has confirmed a data breach.

According to the notification, upon detecting the ransomware attack, the firm promptly began countermeasures involving security experts and law enforcement. Since then, Colonial Pipeline has continued investigating the matter, and it has now disclosed a security breach during the incident that affected users’ data.

Describing the breached details, the letter reads:

Based on our investigation, we recently learned that the incident affected certain of your personal information… The affected records contained certain personal information, such as name, contact information, date of birth, government-issued ID (such as Social Security, military ID, tax ID, and driver’s license numbers), and health-related information (including health insurance information).

However, the firm clarified that the extent of the breach isn’t the same for all impacted individuals.

Not all of this information was affected for each impacted individual.

Since much is already publicly known about the incident, the notification doesn’t give any details of what happened.

As compensation, the firm is offering two years of free monitoring and identity restoration to the affected individuals.

About The Ransomware Attack

Colonial Pipeline suffered a disruptive ransomware attack in May 2021 that caused an emergency in several US states.

Following the incident, the firm promptly paid a $5 million ransom to the attackers – the DarkSide ransomware gang. However, the data recovery still took a lot of time, creating almost nationwide chaos.

The huge attack jolted security agencies and drew the attackers, the DarkSide ransomware gang, into the limelight.

Eventually, the attackers quickly disappeared (but not before hitting Toshiba) after losing access to their IT infrastructure.

However, it is now believed that the gang has reemerged as BlackMatter ransomware.

Although the new threat actors have made no such claim, their similarities to DarkSide hint at the possibility of a rebrand or a spin-off.


2 comments

Mattia August 20, 2021 - 9:26 am
5 million, not billion
Mic Johnson August 20, 2021 - 10:33 am
Thank you, we have made the alteration
