US Department of Energy hack disclosed employee information

No classified data was compromised in the mid-January attack, the agency said
  • Jeremy Kirk (IDG News Service)
  • — 04 February, 2013 23:52

The U.S. Department of Energy said Monday that personal information about several hundred employees and contractors was stolen in a mid-January hack, but that no classified information was compromised.

The agency is working with federal law enforcement and other agencies "to promptly gather detailed information on the nature and scope of the incident and assess the potential impacts to DOE staff and contractors," according to an internal DOE letter that was circulated Friday and released by the agency on Monday.

"As individual affected employees are identified, they will be notified and offered assistance on steps they can take to protect themselves from potential identity theft," the letter said. "Once the full nature and extent of this incident is known, the department will implement a full remediation plan."

The DOE, which has a budget of more than US$20 billion, is responsible for a wide range of policies governing U.S. energy production and use, as well as overseeing the safety and reliability of the nation's nuclear weapons arsenal.

The attacks follow a wave of cyberattacks that have struck prominent corporations and governments around the world. Last week, The New York Times and The Wall Street Journal said hackers infiltrated their IT systems in an apparent attempt to monitor reporting on China.

In recent years, companies including Google, RSA and Symantec have also been attacked, illustrating that even companies with high-level computer security expertise face challenges in defending their networks.

The DOE said it is "leading an aggressive effort to reduce the likelihood of these events occurring again."

The agency has a Joint Cybersecurity Coordination Center that will be "increasing monitoring across all of the department's networks and deploying specialized defense tools to protect sensitive assets."

Also studying the attack is the DOE's Cybersecurity Team, the Inspector General's office, and the Office of Health, Safety and Security, the DOE said.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Tags: US Department of Energy, intrusion, security, data breach, data protection

Forget BYOD – it's now BYOC

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Web Aplication Security

Safeguard your websites against cyber attacks and data loss.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.