// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / Colonial Pipeline
Breach Record

Colonial Pipeline

DISCLOSED 2021-05-07 · STOLEN CREDS · RANSOMWARE

In May 2021, Colonial Pipeline suffered a ransomware attack by the DarkSide group, leading to a shutdown of its pipeline operations. The attackers gained access through a compromised VPN account that lacked multi-factor authentication. The incident caused widespread fuel shortages across the Eastern United States.

The record

What we know

Disclosed
2021-05-07
Attack vector
Stolen Creds
Sector
energy
Country
United States
RANSOMWARE ENDPOINT INVOLVED
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · would prevent · opinion

A positive-security model that enforces known-good application states and rejects unauthorized changes would likely have blocked the ransomware execution, as it would prevent the encryption process from altering files without explicit allowlisting.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other stolen creds breaches on file

This page is the permanent ColdRecon entry for the Colonial Pipeline disclosure. It updates if new public reporting emerges. All tracked breaches →

Colonial Pipeline just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →