Sensitive Personal Data Stolen During Cyberattack
The infamous Colonial Pipeline ransomware attack also exposed the sensitive data of almost 6000 people. Many of those impacted by the Colonial Pipeline data breach are current or former employees.
The Colonial Pipeline ransomware attack began on April 29 when attackers compromised the network by exploiting credentials for an old VPN. Colonial’s IT team was unaware that the legacy VPN was still on their network.
The attack wasn’t discovered until May 7, 2021. The company took its servers offline to protect data and hardware. However, the attack wore on for over a week, crippling oil deliveries to the northeastern United States.
During the ransomware attack, hackers also exfiltrated about 100GB of data on May 6.
Colonial paid a ransom of about $5 million to obtain decryption keys that enabled them to get back in business. The U.S. Deputy Attorney General announced in June that the Department of Justice (DoJ) had recovered almost $2.3 of the ransomware payment.
The US Federal Bureau of Investigation (FBI) says Russian ransomware gang DarkSide is responsible for the attack.
Exposed data includes:
- Contact information
- Social Security numbers
- Government-issued identification information
- Tax ID numbers
- Driver’s license numbers
- Healthcare-related information
As a result of an investigation, “we learned that an unauthorized party acquired certain personal information in connection with the attack,” Colonial Pipeline told Information Security Media Group.
Colonial will send a notification letter to those impacted by the data breach.