Major U.S. pipeline hit by cyberattack on transaction software

A cyberattack has disrupted a system for processing customer transactions for a sprawling network of U.S. natural gas pipelines, according to multiple news reports.

A supply chain cyberattack has disrupted a customer transaction service for a network of U.S. natural gas companies, according to multiple news reports.

It affected a software platform, developed by a company named Energy Services Group LLC, that is used to process customer transactions, according to Bloomberg News. Such data-exchange software is widely used in the gas industry, though the attack was limited to the Energy Services platform.

The attack on the billing platform impacted Texas-based Energy Transfer Partners LP, which owns more than 71,000 miles of pipelines containing natural gas, crude oil and other commodities. The Texas firm’s subsidiaries include the Panhandle Eastern Pipe Line Co., whose pipelines run from the Gulf Coast to the Midwest.

“There was an attack on a third-party service provider,” Energy Transfer Partners spokesperson Vicki Granado confirmed in an email to CyberScoop. “This situation has not impacted our operations as we are handling all scheduling in-house during this time,” she said, adding later that by Monday evening ETP had resumed processing transactions using the Energy Services Group platform.


The attack has not been attributed to any group, but the energy sector has been in the crosshairs of sophisticated hackers for years. The Department of Homeland Security warned last month that Russian government actors have been targeting U.S. energy infrastructure since March 2016 with a multi-stage hacking campaign.

Bloomberg News was first to report the cyberattack, identifying the breached vendor as Energy Services Group LLC. The company did not respond to multiple requests for comment.

In a statement sent to CyberScoop, the DHS acknowledged reports of the incident and said it was collecting information.

“We are aware of the reports and are gathering further information, as is standard practice whenever we become aware of a potential cyber intrusion affecting the critical infrastructure community,” said Scott McConnell, press secretary for DHS’s National Protection and Programs Directorate (NPPD). “In order to ensure robust information sharing between private sector partners and DHS, the department does not disclose information shared with us for cybersecurity purposes.”

UPDATE: This story has been updated to show that Energy Transfer Partners resumed processing transactions through the Energy Services Group platform on Monday evening, according to ETP spokesperson Vicki Granado.


This is a developing story and will be updated with information as it becomes available. 

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts