Colonial Pipeline sends out thousands of breach alerts

Letters are being sent out to employees whose personal information may have been exposed

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Breach notification letters have been sent out to 5,810 current and former employees of theColonial Pipelinewho had their personal information accessed by the DarkSideransomwaregroup back in May of this year.

In theseletters, the company admitted that the ransomware group was able to acquire “certain records” stored on its systems during the now infamous cyberattack that occurred as the result of acompromised VPN password.

According to Colonial Pipeline, the cybercriminals managed to obtain employees' full names, contact information, dates of birth, government-issued IDs and health-related information. However, it’s worth noting that not every employee had all of this information exposed.

In addition to encrypting the company’s systems, the DarkSide ransomware group also managed to steal around100GB of datain a typical double-extortion ploy used by virtually all ransomware operators these days.

Employee information exposed

The news that Colonial Pipeline has begun sending out data breach notification letters to its current and former employees wasfirst reportedbyBleepingComputer. Additionally, in a statement toCNN Business, a company spokesperson confirmed that personal information was stolen during the attack.

In order to make up for losing employee’s sensitive personal and health information, Colonial Pipeline is providing affected employees withidentity theft protectionandcredit monitoringservices fromExperian IdentityWorks. However, employees will need to sign up for the service by October, 31 of this year to take advantage of the offer.

At the same time though, Colonial Pipeline is also advising employees to keep a close eye on their credit reports and look out for any unusual activity.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The cyberattack on Colonial Pipeline has served as a wake up call both for private businesses and for the US government. In fact, since the attack took place in May, the US government has passedmultiple new regulationsfor critical industries to help prevent them from falling victim to similar attacks going forward.

ViaZDNet

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Scotland vs South Africa live stream: how to watch 2024 rugby union Autumn International online from anywhere