A class-action lawsuit is seeking damages for costs and lost profits incurred by more than 11,000 gas stations along the East Coast after the ransomware attack against the Colonial Pipeline led to panic-buying and fuel shortages. The suit is also seeking a court order requiring Colonial Pipeline Co. to implement security protocols consistent with legal and industry standards.
The complaint, filed in Georgia federal court Monday on behalf of Wilmington, North Carolina-based gas station and convenience store EZ Mart 1, alleges that Colonial Pipeline Company failed to adequately safeguard their pipeline’s computer systems, leading to a breach on April 29 and the subsequent successful ransomware attack on May 7. It also claims EZ Mart 1 and other gas stations supplied by the Colonial Pipeline suffered monetary losses in excess of $5 million during and in the days following the pipeline's five-day shutdown.
"Defendant disregarded the rights of Plaintiff and Class Members by intentionally, willfully, recklessly, or negligently failing to take and implement adequate and reasonable measures to ensure that the Pipeline’s critical infrastructure was safeguarded," the lawsuit states. "As a result, Plaintiff and Class Members were subjected to a sudden and dramatic fuel shortage and increase in the price of gasoline and suffered damages. In addition, Plaintiff and Class Members have a continuing interest in ensuring that Defendant safeguards the Pipeline’s critical infrastructure, and they are therefore entitled to injunctive and other equitable relief."
A spokesperson for Colonial Pipeline told FOX Business that it is "aware" of the lawsuit.
"While we cannot comment on pending litigation, Colonial Pipeline worked around the clock to safely restart our pipeline system following the cyberattack against our company," the spokesperson added.
The Colonial Pipeline spans roughly 5,500 miles from the Gulf Coast to the New York metro area, transporting more than 100 million gallons of gasoline, diesel, jet fuel and heating oil per day, or roughly 45% of fuel consumed across the East Coast. Mandiant senior vice president Charles Carmakal confirmed to FOX Business earlier this month that hackers were able to access the Colonial Pipeline's system through a breached virtual private network account that did not require multifactor authentication.
In order to restart the pipeline, Colonial paid a $4.4 million ransom fee to Russian-based hacker group DarkSide. The Department of Justice confirmed earlier this month that about 63.7 bitcoins, worth an estimated value of about $2.3 million, has been recovered out of the total 75 bitcoins paid in ransom.
Other victims of cyberattacks this year include the the world's largest meat producer, JBS, New York City's Metropolitan Transportation Authority and Law Department, the Massachusetts Steamship Authority, truck maker Navistar, McDonald's, Electronic Arts, Department of Energy subcontractor Sol Oriens, and St.Joseph's/Candler, one of the largest hospital systems in Savannah, Georgia.