Energy Department HQ Computers Hacked
Personal Data of Hundreds of Employees, Contractors Exposed
The U.S. Department of Energy confirms that hackers penetrated its headquarters computer network in mid-January, and the personally identifiable information of several hundred department employees and contractors was exposed.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
DoE officials remained mute about the incident until a Feb. 1 memo sent to employees and contractors describing the breach was leaked this week.
In a statement, DoE says the department's cybersecurity team, the Office of Health, Safety and Security and the Inspector General's office are working with federal law enforcement to promptly gather detailed information on the nature and scope of the incident and assess the potential impacts to DoE staff and contractors. Based on the findings of this investigation, the statement says, no classified data were compromised.
The department says it will implement a full remediation plan once the full nature and extent of the incident is known.
Energy officials promise to make an "aggressive effort" to reduce the likelihood of these events occurring again. These efforts include leveraging the combined expertise and capabilities of DoE's Joint Cybersecurity Coordination Center to address this incident, increasing monitoring across all of the department's networks and deploying specialized defense tools to protect sensitive assets, the statement says.
In the memo to employees and contractors, DoE pledges to notify each individual whose PII was exposed and offer assistance on steps they can take to protect themselves from potential identity theft.
DoE, in the memo, reminds stakeholders to follow best practices, including encrypting all files and e-mails containing personal or sensitive information, including files stored on hard drives or on the shared network, not storing or e-mailing non-government related PII on DoE network computers.
"Cybersecurity is a shared responsibility," the memo says, "and we all play an important role in maintaining the integrity and security of our networks."