TRENDING:

Energy Department HQ Computers Hacked

Personal Data of Hundreds of Employees, Contractors Exposed Eric Chabrow (GovInfoSecurity) • February 5, 2013    
Energy Department HQ Computers Hacked

The U.S. Department of Energy confirms that hackers penetrated its headquarters computer network in mid-January, and the personally identifiable information of several hundred department employees and contractors was exposed.

See Also: LIVE Webinar | Stop, Drop (a Table) & Roll: An SQL Highlight Discussion

DoE officials remained mute about the incident until a Feb. 1 memo sent to employees and contractors describing the breach was leaked this week.

In a statement, DoE says the department's cybersecurity team, the Office of Health, Safety and Security and the Inspector General's office are working with federal law enforcement to promptly gather detailed information on the nature and scope of the incident and assess the potential impacts to DoE staff and contractors. Based on the findings of this investigation, the statement says, no classified data were compromised.

The department says it will implement a full remediation plan once the full nature and extent of the incident is known.

Energy officials promise to make an "aggressive effort" to reduce the likelihood of these events occurring again. These efforts include leveraging the combined expertise and capabilities of DoE's Joint Cybersecurity Coordination Center to address this incident, increasing monitoring across all of the department's networks and deploying specialized defense tools to protect sensitive assets, the statement says.

In the memo to employees and contractors, DoE pledges to notify each individual whose PII was exposed and offer assistance on steps they can take to protect themselves from potential identity theft.

DoE, in the memo, reminds stakeholders to follow best practices, including encrypting all files and e-mails containing personal or sensitive information, including files stored on hard drives or on the shared network, not storing or e-mailing non-government related PII on DoE network computers.

"Cybersecurity is a shared responsibility," the memo says, "and we all play an important role in maintaining the integrity and security of our networks."

Previous
Retail Breach Tied to Global Fraud
Next
NIST Updating Security Controls

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

Organization-Wide Passwordless Orchestration
Organization-Wide Passwordless Orchestration
Whistleblowing Brings Visibility to the Role of CISOs
Whistleblowing Brings Visibility to the Role of CISOs
Are We Doomed? Not If We Focus on Cyber Resilience
Are We Doomed? Not If We Focus on Cyber Resilience
Showing Evidence of 'Recognized Security Practices'
Showing Evidence of 'Recognized Security Practices'
Protecting the Hidden Layer in Neural Networks
Protecting the Hidden Layer in Neural Networks
Securing the SaaS Layer
Securing the SaaS Layer
Craig Box of ARMO on Kubernetes and Complexity
Craig Box of ARMO on Kubernetes and Complexity
The Persisting Risks Posed by Legacy Medical Devices
The Persisting Risks Posed by Legacy Medical Devices
David Derigiotis on the Complex World of Cyber Insurance
David Derigiotis on the Complex World of Cyber Insurance
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
How 2U Inc. Is Fortifying Its Systems and Solutions Designs

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.