Lawsuit Alleges Lax Cybersecurity Allowed Pipeline Hack
(TNS) — Still reeling from a devastating Russian-based ransomware attack earlier this month, Colonial Pipeline is now the subject of a lawsuit alleging the Georgia-based company employed lax cybersecurity measures that left it vulnerable to such an attack.
The lawsuit was filed May 18 in the U.S. District Court for the Northern District of Georgia, according to Bloomberg Law. Plaintiff Ramon Dickerson said the company breached its duty to employ industry security standards which resulted in system outages that harmed consumers by raising prices at the pump.
“As a result of the Defendant’s failure to properly secure the Colonial Pipeline’s critical infrastructure — leaving it subjected to potential ransomware attacks like the one that took place on May 7, 2021 — there have been catastrophic effects for consumers and other end-users of gasoline up and down the east coast,” Dickerson alleged.
On May 7, hackers locked up the company’s computer systems. The hackers didn’t take control of pipeline operations, but the Alpharetta-based company shut it down to prevent malware from affecting industrial control systems. President Joe Biden later said the attack was the work of Russian-based hackers, though he added the U.S. does not believe the Russian government was responsible.
Colonial Pipeline CEO Joseph Blount said he approved paying more than $4 million to the Russian-based hackers who cyber attacked his company because “it was the right thing to do for the country.”
In a May 19 interview published by The Wall Street Journal, Blount said he authorized the ransom payment of $4.4 million because executives were unsure how badly the cyber attack had breached its systems or how long it would take to bring the pipeline back.
“I know that’s a highly controversial decision,” Blount said. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this. But it was the right thing to do for the country.”
The interview was the first time Blount or the company acknowledged paying the ransom. He also said it will take months and cost the company…
