Nearly 6,000 people have received a letter in the mail from Colonial Pipeline. The US oil company says the attackers stole (part of) their personal data in the ransomware attack that took place in early May. As compensation, they can have their bank accounts and online activities monitored for free for one year.
In the first week of May, Colonial Pipeline was the target of a ransomware attack. Hackers managed to penetrate the oil company’s corporate network and install ransomware. As a result, employees could no longer log in to their accounts. Furthermore, the attackers allegedly stole 100 GB of company-sensitive data. In the letter to the victims, the company says the stolen data includes names, contact information, dates of birth, driver’s license and other identification numbers, and health information.
Tens of millions of Americans depend on Colonial Pipeline’s petroleum supply. To minimize the social disruption, CEO Joseph Blount decided to pay the hackers a ransom of $4.4 million in total. “I realize it is a controversial decision. I didn’t take that lightly. I didn’t feel comfortable watching the money flow to the perpetrators. I did it in the national interest,” he said in an interview with The Wall Street Journal.
An investigation by security company Mandiant showed that the hackers had no access to critical parts of the IT systems. Once inside the corporate network, however, they were able to browse it undisturbed and steal personal data and other sensitive information. Most likely, the perpetrators infiltrated the network via a VPN account. An employee’s password had been leaked via the dark web. Because the account was not protected with multi-factor authentication, the attackers could easily log in with it.
Colonial Pipeline has sent a letter to a total of 5,810 people. In it, the oil company says that the perpetrators have stolen private information. The exact data involved differs per victim. “We take our obligation to protect personal information very seriously and point it out to you so you can take steps to help protect yourself,” CEO Blount wrote in the letter.
In addition to his sincere apology, he offers victims some form of compensation. They can use Experian IdentityWorks Services free of charge for one year. Staff of the service check, among other things, whether there are indications of fraud with the victim’s payment account. They also monitor chat rooms and forums 24/7 to see whether the victim’s data is being sold. In the case of identity fraud, the service helps victims verify their identity with authorities. Finally, victims are insured up to $1 million against fraud.
Victims have until October 31 at the latest to register with Experian IdentityWorks Services.
Security experts suspect that DarkSide is responsible for the ransomware attack on Colonial Pipeline. This Russian-affiliated hacker group decided to throw in the towel in May. Besides the oil company, the group also managed to steal a large amount of data from Brenntag, a distribution company from Germany that transports chemicals. Like Colonial Pipeline, that company paid $4.4 million to unlock all locked files. It is possible that the huge loot from the cyber-attacks was the reason the group took all its servers offline.