What is the official website of Colonial Pipeline Company ?

The official website of Colonial Pipeline Company is http://www.colpipe.com.

What is Colonial Pipeline Company's cybersecurity risk score?

Colonial Pipeline Company has an AI-generated cybersecurity risk score of 100 out of 1000, indicating a Critical security posture according to Rankiteo's assessment.

How many security incidents has Colonial Pipeline Company experienced?

According to Rankiteo, Colonial Pipeline Company currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Colonial Pipeline Company been affected by any supply chain cyber incidents ?

According to Rankiteo, Colonial Pipeline Company has been affected by a supply chain cyber incident involving Kaseya, with the incident ID JBSKASCOL1773505774.

Does Colonial Pipeline Company have SOC 2 Type 1 certification ?

According to Rankiteo, Colonial Pipeline Company is not certified under SOC 2 Type 1.

Does Colonial Pipeline Company have SOC 2 Type 2 certification ?

According to Rankiteo, Colonial Pipeline Company does not hold a SOC 2 Type 2 certification.

Does Colonial Pipeline Company comply with GDPR ?

According to Rankiteo, Colonial Pipeline Company is not listed as GDPR compliant.

Does Colonial Pipeline Company have PCI DSS certification ?

According to Rankiteo, Colonial Pipeline Company does not currently maintain PCI DSS compliance.

Does Colonial Pipeline Company comply with HIPAA ?

According to Rankiteo, Colonial Pipeline Company is not compliant with HIPAA regulations.

Does Colonial Pipeline Company have ISO 27001 certification ?

According to Rankiteo,Colonial Pipeline Company is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Colonial Pipeline Company operate in ?

Colonial Pipeline Company operates primarily in the Oil and Gas industry.

How many employees does Colonial Pipeline Company have ?

Colonial Pipeline Company employs approximately 1,063 people worldwide.

Does Colonial Pipeline Company own any subsidiaries ?

Colonial Pipeline Company presently has no subsidiaries across any sectors.

How many LinkedIn followers does Colonial Pipeline Company have ?

Colonial Pipeline Company's official LinkedIn profile has approximately 49,496 followers.

What is the NAICS classification code for Colonial Pipeline Company ?

Colonial Pipeline Company is classified under the NAICS code 211, which corresponds to Oil and Gas Extraction.

Does Colonial Pipeline Company have a Crunchbase profile ?

Yes, Colonial Pipeline Company has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/colonial-pipeline.

Does Colonial Pipeline Company have a LinkedIn profile ?

Yes, Colonial Pipeline Company maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/colonial-pipeline-company.

How many cybersecurity incidents has Colonial Pipeline Company experienced ?

As of June 18, 2026, Rankiteo reports that Colonial Pipeline Company has experienced 11 cybersecurity incidents.

How many peer or competitor companies does Colonial Pipeline Company have ?

Colonial Pipeline Company has an estimated 10,948 peer or competitor companies worldwide.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

CPC

Boost Score +25 with badge (5 left)

100

/1000

Critical

125

/1000

Critical

Colonial Pipeline Company Vendor Cyber Rating & Cyber Score

colpipe.com

cb in

Add Your Compliance Badge

Colonial Pipeline is the largest refined products pipeline in the United States, transporting more than 100 million gallons of fuel daily to meet the energy needs of consumers from Houston to the New York Harbor. Whether by car, plane, or train, we supply the fuel that allows Americans the freedom of mobility — so they can go where they please, whenever they please. Our vision is to be a trusted partner that leads the midstream industry in providing pipeline and energy solutions in a safe, reliable, and responsible manner as we continue to serve the nation’s energy needs for generations to come.

CPC A.I CyberSecurity Scoring

Scoring History

CPC

Colonial Pipeline Company CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Colonial Pipeline C...

Breach

100

6/2026

COL1781699400

Colonial Pipeline C...

Breach

5/2026

METORATICBANYAH...

Colonial Pipeline C...

Ransomware

100

6/2025

COL063240610092...

Colonial Pipeline C...

Ransomware

100

5/2025

COL529051425

Colonial Pipeline C...

Ransomware

1/2025

MARCOL177202413...

Colonial Pipeline C...

Cyber Attack

10/2023

COL2118151023

Colonial Pipeline C...

Ransomware

100

6/2021

COL480344810212...

Colonial Pipeline C...

Ransomware

100

5/2021

COL1775838805

Colonial Pipeline C...

Ransomware

100

5/2021

COL163291611182...

Colonial Pipeline C...

Breach

100

4/2021

COL511050624

Colonial Pipeline C...

Ransomware

100

1/2021

Kaseya

JBSKASCOL177350...

Loading…

A.I.

CPC Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for CPC

Incidents vs Oil and Gas Industry Avg (This Year)

Colonial Pipeline Company has 16.67% fewer incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Colonial Pipeline Company has 88.68% more incidents than the average of all companies with at least one recorded incident.

Incident Types CPC vs Oil and Gas Industry Avg (This Year)

Colonial Pipeline Company reported 2 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 2 data breaches, compared to industry peers with at least 1 incident.

Incident History - CPC (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Colonial Pipeline Company Subsidiaries

Parent Company

CPC

Oil and Gas

Website: http://www.colpipe.com

Company Size: 1,001-5,000 employees

No subsidiary data available for this company.

Loading…

Colonial Pipeline Company Similar Companies

aramco

aramco.com

We’re a leading producer of the energy and chemicals that drive global commerce and enhance the daily lives of people around the globe by continuing delivering an uninterrupted supply of energy to the world. Our resilience and agility has built one of the world’s largest integrated energy and chemicals companies. And we are part of the global effort toward building a low carbon economy. Our horizon has never been clearer.

CB&I

cb cbi.com

CB&I is the world’s leading designer and builder of storage facilities, tanks, and terminals. With more than 60,000 structures completed throughout its 135+ year history, CB&I has the global expertise and strategically located operations to provide its customers world-class storage solutions for even the most complex energy infrastructure projects. CB&I is owned by a consortium of financial investors led by Mason Capital Management LLC. To learn more, visit www.cbi.com.

ConocoPhillips

cb conocophillips.com

We are a global oil and gas company tasked with an important job—to safely find and deliver energy for the world. We’re experts in what we do—from the well site to the office. Across our operations and activities in 13 countries, we never forget our responsibility to be a great neighbor, and a great place to work. Guided by our SPIRIT Values—Safety, People, Integrity, Responsibility, Innovation and Teamwork—we deliver strong performance, keeping our promises to our stakeholders, communities and each other. We solve problems and develop new approaches together, as a team of people—not job titles. That’s ConocoPhillips. It’s not just what we do. It’s how we do it. At ConocoPhillips, we believe it is important to foster a safe and constructive online environment for our community. To do so, we encourage visitors to contribute to conversations by following a few guidelines: - Please contribute to the dialogue by keeping your comments relevant to the community and on topic. - Direct your comments at issues, rather than individuals. Any of the following violations of these guidelines may warrant, without prior notice, actions such as removing posts and comments or blocking an account: - Comments that are spam, defamatory or offensive (e.g., obscene, indecent, profane, violent, cruel or discriminatory) will be removed. - Content that violates the terms of use stipulated by each social media operating company. - Any other behavior ConocoPhillips deems inappropriate. Community policy: https://bit.ly/3mrTG4d

Marathon Petroleum Corporation

cb marathonpetroleum.com

Marathon Petroleum Corporation (MPC) is a leading, integrated, downstream and midstream energy company headquartered in Findlay, Ohio. The company operates the nation's largest refining system. MPC's marketing system includes branded locations across the United States, including Marathon brand retail outlets. MPC also owns the general partner and majority limited partner interest in MPLX LP, a midstream company that owns and operates gathering, processing, and fractionation assets, as well as crude oil and light product transportation and logistics infrastructure. More information is available at www.marathonpetroleum.com.

Eni

cb eni.com

Eni is an integrated energy company, founded in 1953, with 31.376 employees in 69 countries around the world, including Algeria, Angola, Mozambique, Mexico, Indonesia and Italy. In 2021, the company launched a new strategy that will enable it to provide a variety of fully decarbonized products, combining environmental and financial sustainability. The recent merger of the renewable and retail businesses in Plenitude (formerly Eni gas e luce), the development of bio-refineries and biomethane production, and the sale of low-carbon energy carriers and mobility services at service stations are among the main levers for taking the path towards decarbonization. Eni aspires to contribute to the achievement of the Sustainable Development Goals (SDGs) of the United Nations 2030 Agenda, supporting a just energy transition that meets the challenge of climate change with concrete and economically sustainable solutions by promoting efficient and sustainable access to energy resources, for all. * data updated to 2022

PEMEX

cb pemex.com

Petróleos Mexicanos es la mayor empresa de México, el mayor contribuyente fiscal del país, así como una de las empresas más grandes de América Latina. Es de las pocas empresas petroleras del mundo que desarrolla toda la cadena productiva de la industria, desde la exploración, hasta la distribución y comercialización de productos finales, incluyendo la petroquímica. Pemex contribuye el 35% del PEF, en otras palabras aporta 1 de cada 3 pesos para la construcción de escuelas, carreteras y hospitales. La tasa de éxito en exploración en aguas profundas es del 50% siendo superior al estándar internacional. En el 2014 las inversiones fueron por más de 25 mil millones de dólares. Pemex generó más de medio millón de empleos indirectos. Anualmente Pemex invierte cerca de 140 millones de dólares en donativos

Weatherford

cb weatherford.com

Weatherford International plc (Nasdaq: WFRD) is a leading global energy services company. Operating in approximately 75 countries, the Company answers the challenges of the energy industry with its global talent network of approximately 17,000 team members and approximately 350 operating locations, including manufacturing, research and development, service, and training facilities.

Valero

valero.com

Valero is an international manufacturer and marketer of transportation fuels and petrochemical products. We are a Fortune 500 company based in San Antonio, Texas, fueled by nearly 10,000 employees and 15 petroleum refineries with a combined throughput capacity of approximately 3.2 million barrels per day. We also proudly operate 12 ethanol plants in the Mid-Continent of the U.S., with a combined production capacity of 1.6 billion gallons per year. Our petroleum refineries are located in the United States, Canada and the United Kingdom. Valero also is a joint venture partner in Diamond Green Diesel, which operates a renewable diesel plant in Norco, Louisiana. Diamond Green Diesel is North America’s largest biomass-based diesel plant. Valero sells its products in the wholesale rack or bulk markets in the U.S., Canada, the U.K., Ireland and Latin America. Approximately 7,000 outlets carry Valero’s brand names. Visit www.valero.com for more information, and click 'Careers' to explore opportunities!

Amec Foster Wheeler

woodplc.com

Wood Group has combined with Amec Foster Wheeler to form a new global leader in the delivery of project, engineering and technical services to energy and industrial markets. To find out more about Wood visit our new website at www.woodplc.com For all the latest updates and job news follow Wood on LinkedIn https://www.linkedin.com/company/wood-group/

Loading…

NEWS

Colonial Pipeline Company CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

February 23, 2026 08:00 AM

The Co-location Quandary: The Cybersecurity Risk to Nuclear

Opinion writer Shahid Mahdi worries about the cybersecurity risks of co-location, and asks if a co-located data center is hit with...

Read Article

September 03, 2025 07:00 AM

Five attacks that shattered the status quo of cyber defense

Cybersecurity threats have evolved from broad, opportunistic malware to coordinated attacks designed to disrupt operations, hijack data,...

Read Article

July 08, 2025 07:00 AM

Hackers and Climate Change Threaten U.S. Energy Independence (Published 2021)

The country relies less on foreign oil than it used to, but pipelines and grids are increasingly vulnerable to cyberattacks and extreme weather.

Read Article

May 08, 2023 07:00 AM

Is cybersecurity doing enough to prevent the next Colonial Pipeline attack?

Two years have passed since the Colonial Pipeline incident, but critical infrastructure providers aren't doing enough to proactively...

Read Article

May 08, 2023 07:00 AM

Two years after Colonial Pipeline attack, CISA says ‘much work’ remains to ensure security, resilience of critical infrastructure

On the second anniversary of the Colonial Pipeline ransomware attack, the U.S. Cybersecurity and Infrastructure Security Agency (CISA)...

Read Article

May 06, 2023 07:00 AM

Critical infrastructure continues to call for more attention two years after Colonial Pipeline ransomware attack

Two years ago, ransomware hackers struck Colonial Pipeline systems, forcing one of the United States' most important fuel pipeline companies...

Read Article

July 13, 2022 07:00 AM

Federal Court Dismisses Colonial Pipeline Cybersecurity Litigation

A federal court dismissed cybersecurity litigation brought in the wake of the May 2021 Colonial Pipeline Ransomware attack.

Read Article

June 07, 2022 07:00 AM

How the Colonial Pipeline attack has changed cybersecurity

On the one-year anniversary of the Colonial Pipeline attack, industry insiders reflect on the event's effect on cybersecurity practice and perception.

Read Article

May 17, 2022 07:00 AM

How the Colonial Pipeline attack instilled urgency in cybersecurity

The federal government and private sector are still coming to terms with how to protect operational technology in an increasingly volatile...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-48777

SUMMARY

FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields with the trusted d.share.Path BEFORE the downstream sanitizer runs. Because filepath.Join collapses .. segments during the join, the sanitizer in resourcePatchHandler never sees the traversal and the move/copy/rename operates on a path outside the shared directory. The same root-cause pattern was patched for the bulk DELETE endpoint as CVE-2026-44542 (GHSA-fwj3-42wh-8673), but the PATCH handler with the identical pattern was not updated. A public share link with AllowModify=true is sufficient to exploit this. Anyone holding such a link can move, copy, or rename arbitrary files within the share owner's source root. This issue has been fixed in versions 1.3.3-stable and 1.4.2-beta.

Published

Date2026-06-16

Updated

Date2026-06-16

RISK INFORMATION (Score: )

cvss4

Base Score: 9.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-47750

SUMMARY

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode handler. The issue was caused by missing validation when searching for newline-delimited fields. A crafted .ckpt file without the expected newline could cause the parser to use -1 as a copy length, resulting in immediate heap corruption. The attack requires the victim or application to load a .ckpt file from an untrusted source, such as a downloaded model from a model sharing site. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by following these instructions: do not load .ckpt checkpoint files from untrusted sources, and prefer trusted model sources and safer formats such as .safetensors where possible.

Published

Date2026-06-16

Updated

Date2026-06-16

RISK INFORMATION (Score: 7.8)

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-47747

SUMMARY

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode handler. The issue was caused by sign confusion on the opcode length field. A crafted .ckpt file could trigger memcpy with a very large length derived from a negative signed value, causing immediate heap corruption. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by only loading .ckpt checkpoint files from trusted sources and preferring trusted model sources and safer formats such as .safetensors where possible.

Published

Date2026-06-16

Updated

Date2026-06-16

RISK INFORMATION (Score: 7.8)

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-46448

SUMMARY

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.

Published

Date2026-06-16

Updated

Date2026-06-16

RISK INFORMATION (Score: 5.4)

cvss3

Base Score: 5.4

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Impact Score

2.5

Exploitability

2.8

REFERENCES

CVE-2026-22313

SUMMARY

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying operating system.

Published

Date2026-06-16

Updated

Date2026-06-16

RISK INFORMATION (Score: 9.1)

cvss3

Base Score: 9.1

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Impact Score

Exploitability

2.3

REFERENCES

https://www.cvcn.gov.it/cvcn/cve/CVE-2026-22313

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…