Romania’s national oil pipeline operator, Conpet S.A., confirmed that the Qilin ransomware gang stole company data in an attack last week.

In a press release the day following the incident, the company said that the threat actor breached its corporate IT infrastructure, but operations remained unaffected.

Conpet S.A. published an update today about the incident, saying that it is collaborating with the Romanian National Cyber Security Directorate (DNSC) in the investigation.

In a statement for BleepingComputer, the company confirmed that the Qilin ransomware attack resulted in data exfiltration. Due to the ongoing investigation, the company said it cannot yet determine the amount of data stolen.

Qilin claims to have stolen nearly 1TB of documents from Conpet's systems and proved the breach by leaking a sample of 16 images of internal documents with financial information and passport scans.

Some of the documents are marked as confidential and have dates as recent as November 2025. Some of them include personal information such as names, postal addresses, personal identification numbers, and bank account numbers.

In the latest update on the breach, Conpet S.A. cautioned that the compromised data may be exploited for fraudulent activities.

As such, the company is advising individuals potentially affected by the incident to be wary of any urgent requests over the phone, email, or other communication channels.

Scammers frequently impersonate employees of well-known organizations and request personal or financial information to facilitate their fraudulent schemes.

It is important to verify the legitimacy of such requests by contacting the organization using the official contact details listed on its website or verified social media accounts - not the information provided in the received message.

Conpet S.A. is a strategic company controlled by the Romanian Ministry of Energy that transports crude oil, gas, and condensate over a pipeline network of 3,800 km.