clock menu more-arrow no yes

Filed under:

Cyberattack prompts shutdown of major fuel pipeline in the US

Colonial Pipeline said it took some systems offline to contain the threat

Colonial Pipeline victim of cyberattack
Colonial Pipeline says it was victim of cyberattack
Getty Images

One of the largest pipelines in the US has been taken offline by its operator following a cyberattack. First reported by the New York Times, Colonial Pipeline, which carries 45 percent of the fuel supplies for the eastern US, said in a statement late Friday that it took “certain systems offline to contain the threat, which has temporarily halted all pipeline operations and affected some of our IT systems.”

The pipeline is 5,500 miles long and carries jet fuel and refined gasoline from the Gulf Coast to New York, according to the Times, transporting some 2.5 million barrels daily.

It’s not yet clear whether the attack targeted Colonial’s industrial control systems, or if the attack was carried out by foreign government hackers. The Washington Post, citing a US official familiar with the matter, reported that the incident was a ransomware attack.

Alpharetta, Georgia-based Colonial said it had engaged a “leading third-party cybersecurity firm” to investigate the nature and scope of the incident, and has contacted law enforcement.

Colonial Pipeline is taking steps to understand and resolve this issue. At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline.

The Times reported that it was unlikely that the shutdown would cause immediate disruption to consumers, since most of the fuel goes into storage tanks, and the US has seen a reduction in energy use due to the pandemic. How long the pipeline may remain shut down was still unclear Saturday.

Update May 8th 10:14AM ET: Adds detail that the incident reportedly was a ransomware attack