The ransomware attack that forced Colonial Pipeline, one of the largest fuel pipelines in the United States, to go offline this spring also compromised the personal information of nearly 6,000 individuals, a company spokesperson told CNN Business.
The pipeline operator has begun sending data breach notification letters to the 5,810 affected individuals, who are mostly current or former company employees and their family members, the spokesperson said on Monday.
A sample letter dated Aug. 13 and reviewed by CNN Business informs recipients that the hackers gained access to records including names; contact information; birth dates; Social Security, driver’s license and military ID numbers; and health insurance information. The letter was first reported by the cybersecurity news outlet Bleeping Computer and its authenticity was confirmed by the spokesperson.
“Though our pipeline system is now fully operational, we have been hard at work with third-party cybersecurity experts determining what, if any, personal information may have been affected as a result of the attack,” the company spokesperson told CNN Business in a statement. “Based on this review, we learned that an unauthorized party acquired certain personal information in connection with the attack.”
“Colonial Pipeline sincerely appreciates the ongoing support and understanding from our dedicated employees and the public as we worked to thoroughly investigate this incident,” the spokesperson added.
The cyberattack against Colonial Pipeline in May prompted the company to preemptively shut down its fuel distribution operations, leading to widespread shortages at gas stations along the east coast. Colonial paid $4.4 million to the hacking group DarkSide to resolve the incident, though some of that ransom money was later recovered by the authorities.
The Colonial hack was one of a string of recent cybersecurity incidents that have made ransomware a top issue for the US government. The Biden administration has increasingly described the malicious software as a threat to national and economic security as hackers have gone after cash-rich US infrastructure targets.