In a data breach notification letter filed with the Maine attorney general's office, Colonial Pipeline, the largest fuel pipeline operator in the U.S., disclosed how many individuals were affected by the DarkSide ransomware attack that occurred in May.
According to the company, at least 5,810 individuals (mostly current and former employees) had their personal information exposed during the attack.
Colonial Pipeline, which said it only recently learned of the data breach, is now sending notification letters to everyone whose sensitive information was compromised.
According to the notification, the compromised information included names, Social Security numbers, dates of birth, contact details, driver’s license numbers, and even healthcare information.
However, the amount of exposed data varies for each affected person, the company stated.
Colonial Pipeline Data Breach Follows a Ransomware Attack
In May, Colonial Pipeline, the largest fuel pipeline operator in the U.S. was forced to shut down 5,500 miles of pipeline, which carries 45% of the East Coast’s fuel supplies.
The company said the shutdown was necessary to contain the incident.
According to investigators, in only two hours, the attackers behind the DarkSide ransomware operation took approximately 100 gigabytes of data out of the Alpharetta, Georgia-based company’s network.
On May 7, Colonial Pipeline Company learned it was the victim of a cybersecurity attack and has since determined that the incident involved ransomware. Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat.
These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring.
After collecting roughly $90 million in Bitcoin ransom payments in just nine months, the DarkSide ransomware gang shut down its operation once it realized how much attention it was drawing from the media and U.S. law enforcement.
BlackMatter, the New DarkSide?
As many cybersecurity experts had predicted, the group appears to have returned under a new name: the BlackMatter ransomware operation.
According to those experts, this is common practice for ransomware groups: shut down, wait a while, and come back under a new name.
The BlackMatter operators stated they are looking to buy access to already-compromised corporate networks with between 500 and 15,000 devices, located in the U.S., Canada, Australia, or the U.K., and with annual revenues of $100 million or more.
Emsisoft CTO and ransomware specialist Fabian Wosar analyzed a decryptor obtained by BleepingComputer from a BlackMatter victim and confirmed that the new ransomware gang uses the same distinctive encryption routines that DarkSide used in its attacks.
After looking into a leaked BlackMatter decryptor binary I am convinced that we are dealing with a Darkside rebrand here. Crypto routines are an exact copy pretty much for both their RSA and Salsa20 implementation including their usage of a custom matrix.
— Fabian Wosar (@fwosar) July 31, 2021
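The tweet above hinges on a detail analysts use to link samples: Salsa20 mixes a fixed 16-byte constant (the "expand 32-byte k" sigma string) into its state, so a family that swaps in its own constant matrix leaves a recognizable fingerprint that survives a rebrand. The example below is added here to illustrate that point; it is not code from the page, from Emsisoft, or from either ransomware family. It implements the standard Salsa20 block function from the public specification, with the constant matrix made a parameter, and a small scanner that reports whether a binary blob contains the standard constants. The "custom" constant and the binary blobs are constructed placeholders for illustration; DarkSide's actual matrix values are not given on the page and are not reproduced here.

```python
import struct

MASK = 0xFFFFFFFF
# Standard Salsa20 constants (from the Salsa20 specification):
SIGMA = b"expand 32-byte k"  # used with 256-bit keys
TAU = b"expand 16-byte k"    # used with 128-bit keys
KNOWN_CONSTANTS = {"sigma": SIGMA, "tau": TAU}
# Hypothetical custom matrix, constructed for this example only.
CUSTOM_EXAMPLE = b"hypotheticalmatx"


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def _quarter(y0, y1, y2, y3):
    # Salsa20 quarter-round: add, rotate, xor.
    y1 ^= _rotl((y0 + y3) & MASK, 7)
    y2 ^= _rotl((y1 + y0) & MASK, 9)
    y3 ^= _rotl((y2 + y1) & MASK, 13)
    y0 ^= _rotl((y3 + y2) & MASK, 18)
    return y0, y1, y2, y3


def salsa20_block(key, nonce, counter, constant=SIGMA, rounds=20):
    """Return one 64-byte keystream block for a 32-byte key and 8-byte nonce.

    `constant` is the 16-byte matrix diagonal; the standard value is SIGMA.
    Passing a different constant models a family that uses a custom matrix.
    """
    assert len(key) == 32 and len(nonce) == 8 and len(constant) == 16
    k = struct.unpack("<8I", key)
    n = struct.unpack("<2I", nonce)
    c = struct.unpack("<4I", constant)
    ctr = (counter & MASK, (counter >> 32) & MASK)
    # Constants sit on the diagonal of the 4x4 state matrix.
    state = [c[0], k[0], k[1], k[2],
             k[3], c[1], n[0], n[1],
             ctr[0], ctr[1], c[2], k[4],
             k[5], k[6], k[7], c[3]]
    x = list(state)
    for _ in range(rounds // 2):
        # Column round followed by row round = one double round.
        for a, b, cc, d in ((0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11)):
            x[a], x[b], x[cc], x[d] = _quarter(x[a], x[b], x[cc], x[d])
        for a, b, cc, d in ((0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14)):
            x[a], x[b], x[cc], x[d] = _quarter(x[a], x[b], x[cc], x[d])
    return struct.pack("<16I", *[(x[i] + state[i]) & MASK for i in range(16)])


def salsa20_xor(key, nonce, data, constant=SIGMA):
    """Encrypt or decrypt `data` (same operation) by XOR with the keystream."""
    out = bytearray()
    for i in range(0, len(data), 64):
        ks = salsa20_block(key, nonce, i // 64, constant)
        out += bytes(a ^ b for a, b in zip(data[i:i + 64], ks))
    return bytes(out)


def fingerprint_salsa_constants(blob):
    """Report, per known constant, where it appears contiguously in `blob` (or None)
    and how many of its four 32-bit words appear anywhere (compilers often emit
    the matrix as four separate immediates rather than one 16-byte string)."""
    report = {}
    for name, const in KNOWN_CONSTANTS.items():
        words = [const[i:i + 4] for i in range(0, 16, 4)]
        report[name] = {
            "contiguous": blob.find(const) if const in blob else None,
            "words_found": sum(1 for w in words if w in blob),
        }
    return report


if __name__ == "__main__":
    key, nonce = bytes(range(32)), bytes(range(8))
    msg = b"constructed sample plaintext for the example" * 3
    ct_std = salsa20_xor(key, nonce, msg)
    ct_custom = salsa20_xor(key, nonce, msg, constant=CUSTOM_EXAMPLE)
    print("standard == custom keystream:", ct_std == ct_custom)
    # Constructed stand-ins for a standard and a custom-matrix binary:
    print(fingerprint_salsa_constants(b"\x90" * 16 + SIGMA + b"\xcc" * 8))
    print(fingerprint_salsa_constants(b"\x90" * 16 + CUSTOM_EXAMPLE + b"\xcc" * 8))
```

A sample whose Salsa20 routine contains none of the standard sigma/tau words is not necessarily malicious, but when two otherwise unrelated samples share the same non-standard matrix, that is the kind of evidence behind a "rebrand" call like the one in the tweet.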