Colonial Pipeline CEO Joseph Blount told a U.S. Senate committee that the ransomware attack that disrupted fuel distribution to the majority of the eastern United States was caused by attackers stealing a single password that protected the enterprise’s VPN. “In the case of this particular legacy VPN, it only had single-factor authentication,” Blount informed the panel, convened this week in order to examine the attack and other similar threats to U.S. infrastructure.