[BreachExchange] Colonial Pipeline hit with class-action lawsuit for negligence following major hack

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Wed Jun 23 12:08:15 EDT 2021


https://news.yahoo.com/colonial-pipeline-hit-class-action-175800178.html

The Colonial Pipeline, which was the subject of a major hack in early May,
was sued on Monday for negligence after the security breach strained
thousands of gas stations throughout the East Coast.

On May 7, operations at the pipeline were halted by a ransomware attack
from the criminal enterprise DarkSide and were restored after executives
shelled out approximately $4.4 million to the hackers days later. The North
Carolina-based gas station EZ Mart 1 alleged top brass at the pipeline
acted negligently and caused lasting damage to upward of 11,000 fuel
retailers, according to a complaint filed in Georgia federal court.

The damages incurred by the cyberbreach exceed $5 million, the lawsuit
alleged.

"The sudden shutdown of the Pipeline on May 7, 2021 was a sudden and
calamitous event that jeopardized the business of the Plaintiff," the
lawsuit read. "Defendant had touted in public relations materials that it
placed its obligations to its customers and the public first but this was
not the case in this instance. In Congressional hearings after the
incident, Defendant has acknowledged its duty to those affected by the
failure, but to date has failed to offer them any compensation or remedy."

The suit continued: "Defendant disregarded the rights of Plaintiff and
Class Members by intentionally, willfully, recklessly, or negligently
failing to take and implement adequate and reasonable measures to ensure
that the Pipeline’s critical infrastructure was safeguarded. As a result,
Plaintiff and Class Members were subjected to a sudden and dramatic fuel
shortage and increase in the price of gasoline and suffered damage."

Kevin Feeney, a spokesman for the Colonial Pipeline, said the company is
unable to comment on the lawsuit itself, though he insisted top brass
"worked around the clock" to remedy the shutdown.

"We are aware of the lawsuit and while we cannot comment on pending
litigation, Colonial Pipeline worked around the clock to safely restart our
pipeline system following the cyberattack against our company," she told
the Washington Examiner in an email.

In response to the high-profile attack, on May 27, the Department of
Homeland Security required pipeline operators to report both confirmed and
potential security breaches to DHS's Cybersecurity and Infrastructure
Security Agency. Additionally, oil infrastructure executives must
"designate a Cybersecurity Coordinator, to be available 24 hours a day,
seven days a week" in order to review practices to identify gaps.

The Colonial Pipeline hack was one of several breaches in the last few
months. In early June, JBS, the country's largest meat producer, halted
slaughters at several facilities following a cyberattack, though it quickly
rebounded days later. It was later revealed that it caved to demands from
criminals and shelled out around $11 million to regain control of its
systems.

Similar incidents have also targeted the Massachusetts Steamship Authority,
McDonald's, and others.

The Colonial Pipeline did not immediately respond to a request for comment
from the Washington Examiner.