Colonial Pipeline has discovered a data breach involving the personal information of more than 5,800 individuals. The data breach comes after the headline-grabbing ransomware attack in May.

According to Bleeping Computer, Darkside operators collected and exfiltrated documents containing the personal information. During the ransomware attack, DarkSide operators reportedly stole roughly 100GBs of files from breached Colonial Pipeline systems.

A Colonial Pipeline spokesperson sent us a statement regarding the data breach. It’s been working with third-party cybersecurity experts determining what, if any, personal information may have been affected from the attack.

“Based on this review, we learned that an unauthorized party acquired certain personal information in connection with the attack,” it said. “We have begun the process of directly notifying individuals whose relevant personal information was acquired, and we are offering complementary credit monitoring services to those individuals. Most of the impacted individuals are current or former Colonial employees and, in some cases, their beneficiaries or dependents. Colonial Pipeline sincerely appreciates the ongoing support and understanding from our dedicated employees and the public as we worked to thoroughly investigate this incident.”

Data Breach Notification Letter

Colonial Pipeline’s Joseph Blount Jr.

Joseph Blount, Jr., Colonial Pipeline’s president and CEO, sent a breach notification letter to individuals impacted by the breach. He said affected records include name, contact information, date of birth, government-issued ID (such as Social Security, military ID, tax ID and driver’s license numbers), and health-related information (including health insurance information).

“Not all of this information was affected for each impacted individual,” he said. “We take our obligation to safeguard personal information very seriously and are alerting you about this issue so you can take steps to help protect yourself.”

Colonial Pipeline is the largest refined products pipeline in the United States. The ransomware attack pushed gas prices higher and disrupted supply in the eastern United States.

Colonial Pipeline paid a $4.4 million ransom to quickly restore service. The Department of Justice then seized $2.3 million in crytocurrency paid to the Darkside group during the ransomware attack.

Darkside disappeared earlier this summer. A new ransomware organization, BlackMatter, reportedly has ties to Darkside and the REvil ransomware gang.