US Department of Energy hack disclosed employee information
No classified data was compromised in the mid-January attack, the agency said
IDG News Service - The U.S. Department of Energy said Monday that personal information about several hundred employees and contractors was stolen in a mid-January hack, but that no classified information was compromised.
The agency is working with federal law enforcement and other agencies "to promptly gather detailed information on the nature and scope of the incident and assess the potential impacts to DOE staff and contractors," according to an internal DOE letter that was circulated Friday and released by the agency on Monday.
"As individual affected employees are identified, they will be notified and offered assistance on steps they can take to protect themselves from potential identity theft," the letter said. "Once the full nature and extent of this incident is known, the department will implement a full remediation plan."
The DOE, which has a budget of more than US$20 billion, is responsible for a wide range of policies governing U.S. energy production and use, as well as overseeing the safety and reliability of the nation's nuclear weapons arsenal.
The attacks follow a wave of cyberattacks that have struck prominent corporations and governments around the world. Last week, The New York Times and The Wall Street Journal said hackers infiltrated their IT systems in an apparent attempt to monitor reporting on China.
In recent years, companies including Google, RSA and Symantec have also been attacked, illustrating that even companies with high-level computer security expertise face challenges in defending their networks.
The DOE said it is "leading an aggressive effort to reduce the likelihood of these events occurring again."
The agency has a Joint Cybersecurity Coordination Center that will be "increasing monitoring across all of the department's networks and deploying specialized defense tools to protect sensitive assets."
Also studying the attack is the DOE's Cybersecurity Team, the Inspector General's office, and the Office of Health, Safety and Security, the DOE said.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- 5 Ways Dropbox for Business Keeps Your Data Protected Protecting your data isn't a feature on a checklist, something to be tacked on as an afterthought. Download here to find out how...
- The Keys to Securing Data in a Collaborative Workplace Losing data is costly. IT professionals have spent years learning how to protect their organizations from hackers, but how do you ward off...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!