Colonial Pipeline Hackers Stole Personal Data From Nearly 6,000 People

Hackers responsible for a May ransomware attack on a key East Coast oil pipeline stole personal data, including social security numbers and health insurance information, from nearly 6,000 people, the company confirmed to the Daily Caller News Foundation on Monday.

Ukrainian hacking syndicate DarkSide carried out a ransomware attack on Colonial Pipeline, a private pipeline system beginning in Houston and supplying 45% of the oil used on the East Coast. The pipeline paid the hackers $4.4 million in bitcoin to restore normal operations.

The attack temporarily shut down the pipeline, resulting in fuel shortages, gas hoarding, and price increases at the pump. Some gas stations were charging as much as $5.99 per gallon in the immediate aftermath of the attack, CBS reported.

Colonial Pipeline was conducting a review of the breach with third-part cybersecurity experts when it discovered hackers had accessed personal data during the attack.

“Based on this review, we learned that an unauthorized party acquired certain personal information in connection with the attack,” a company spokesperson told the DCNF. “We have begun the process of directly notifying individuals whose relevant personal information was acquired, and we are offering complimentary credit monitoring services to those individuals.”

Hackers were able to access “personal information, such as name, contact information, date of birth, government-issued ID (such as Social Security, military ID, tax ID, and driver’s license numbers), and health-related information (including health insurance information),” according to letters the company sent notifying affected parties. The data breach affected 5,810 individuals in total, though not all of the personal information was compromised for each individual.

The data breach affected mostly current or former Colonial Pipeline employees and their dependents, according to the spokesperson.

The news comes amid the Biden administration’s push to improve the cybersecurity standards of critical infrastructure.

President Joe Biden issued a directive at the end of July establishing a partnership between critical infrastructure companies and the federal government to improve cybersecurity. Similarly, the Cyber Security and Infrastructure Security Agency (CISA) announced a collaboration with private companies such as Amazon and Google to work on establishing cyber defense plans.