US Department of Energy hack disclosed employee information
No classified data was compromised in the mid-January attack, the agency said
IDG News Service - The U.S. Department of Energy said Monday that personal information about several hundred employees and contractors was stolen in a mid-January hack, but that no classified information was compromised.
The agency is working with federal law enforcement and other agencies "to promptly gather detailed information on the nature and scope of the incident and assess the potential impacts to DOE staff and contractors," according to an internal DOE letter that was circulated Friday and released by the agency on Monday.
"As individual affected employees are identified, they will be notified and offered assistance on steps they can take to protect themselves from potential identity theft," the letter said. "Once the full nature and extent of this incident is known, the department will implement a full remediation plan."
The DOE, which has a budget of more than US$20 billion, is responsible for a wide range of policies governing U.S. energy production and use, as well as overseeing the safety and reliability of the nation's nuclear weapons arsenal.
The attacks follow a wave of cyberattacks that have struck prominent corporations and governments around the world. Last week, The New York Times and The Wall Street Journal said hackers infiltrated their IT systems in an apparent attempt to monitor reporting on China.
In recent years, companies including Google, RSA and Symantec have also been attacked, illustrating that even companies with high-level computer security expertise face challenges in defending their networks.
The DOE said it is "leading an aggressive effort to reduce the likelihood of these events occurring again."
The agency has a Joint Cybersecurity Coordination Center that will be "increasing monitoring across all of the department's networks and deploying specialized defense tools to protect sensitive assets."
Also studying the attack is the DOE's Cybersecurity Team, the Inspector General's office, and the Office of Health, Safety and Security, the DOE said.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts