The Idaho National Laboratory (INL), one of the 17 national labs in the US Department of Energy complex, suffered a major data breach on Nov. 19, leaking a host of information, including employee addresses, Social Security numbers, bank account information, full names, employee information, and dates of birth. The lab employs over 6,100 researchers who focus on nuclear research, renewable energy systems, and security solutions.
The breach affected the laboratory’s Oracle HCM system servers which, according to INL media spokesperson Lori McNamara, “supports its Human Resources applications.” The INL is now coordinating with the FBI as well as the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to launch an investigation and determine the scope and impact of the breach.
On Nov. 20, SiegedSec claimed responsibility over the attack in an announcement on hacking forums and leaked the stolen information, including what it claims is “hundreds of thousands of user, employee, and citizen data.” The group also allegedly posted screenshots of internal INL tools to provide proof of the breach on Telegram.
“Although media surrounding this event claims that no nuclear secrets, intellectual property or R&D information was accessed or stolen, which is fortunate, it is nonetheless highly disconcerting that the staff generating that intellectual property and participating in the most advanced Nuclear Energy R&D have had their information leaked online,” stated Colin Little, security engineer at Centripetal, in an email. “[N]ow those who are politically motivated and would very much like to know the names and addresses of the top Nuclear Energy researchers in the US have that data as well.”
According to its spokesperson, the INL is still gathering information and will be in further communication with its employees as soon as possible.
Source: www.darkreading.com