Colonial Pipeline Data Breach

| Company | Colonial Pipeline |
|---|---|
| Breach Date | May 7, 2021 |
| Disclosure Date | May 7, 2021 |
| Records Affected | Not applicable |

In May 2021, the DarkSide ransomware group attacked Colonial Pipeline, forcing the shutdown of the largest fuel pipeline in the United States. The attack disrupted fuel supplies across the southeastern U.S. for nearly a week and prompted a national emergency declaration.
What Happened
On May 7, 2021, the DarkSide ransomware group gained access to Colonial Pipeline's IT network using a compromised VPN password found in a batch of leaked credentials. The account did not have multi-factor authentication enabled. Colonial Pipeline shut down its operational technology (OT) systems as a precaution, halting all pipeline operations. The 5,500-mile pipeline supplies approximately 45% of the fuel consumed on the U.S. East Coast. The shutdown caused widespread fuel shortages, panic buying, and gas station lines across the Southeast. Colonial Pipeline paid a $4.4 million ransom in Bitcoin, of which the FBI later recovered approximately $2.3 million. Operations resumed on May 12, 2021.
What Data Was Exposed
- Internal corporate documents (approximately 100 GB stolen before encryption)
- Employee personal information
- Business operational data
Who Is Affected
While the breach primarily affected Colonial Pipeline's corporate data, the operational shutdown impacted millions of consumers and businesses across the southeastern United States. Fuel shortages affected 17 states and Washington, D.C. Colonial Pipeline employees had personal data stolen in the attack.
How to Check If You Were Affected
This breach primarily affected Colonial Pipeline's operations rather than consumer data. If you were a Colonial Pipeline employee, the company provided direct notifications. For organizations concerned about similar attacks, review CISA's ransomware advisories at cisa.gov and implement recommended security measures.
What You Should Do Now
- If you are a Colonial Pipeline employee, monitor your credit reports
- For organizations: audit VPN and remote access configurations
- Ensure multi-factor authentication on all remote access points
- Review and test incident response plans for ransomware scenarios
- Implement network segmentation between IT and OT systems
- Maintain offline backups of critical systems
Last updated: February 10, 2026