Incident & Breach Response , Security Operations

45,000 Affected by Breach at Idaho National Laboratory

Breach Exposed Names, Social Security Numbers and Salaries
45,000 Affected by Breach at Idaho National Laboratory
A breach at a system connected to the Idaho National Laboratory affected more than 45,000 individuals. (Image: Shutterstock)

The Idaho National Laboratory said hackers stole personal data of more than 45,000 individuals connected with the facility following a self-proclaimed hacktivist group's claims of a breach last month.

See Also: Gartner Market Guide for DFIR Retainer Services

The data theft stems from a Nov. 20 incident that affected the organization's cloud-based off-site Oracle HCM HR management system. The facility, one of more than a dozen that make up the U.S. national laboratory system, is investigating the full extent of the breach with the U.S. Cybersecurity and Infrastructure Security Agency and the FBI.

In a breach notification, the company identified the number of affected individuals as 45,047 current and former employees, including postdoctoral students, graduate fellows and interns, as well as their kin. The stolen data includes sensitive personal identifiable information, including names, Social Security numbers, salary information and banking details.

The Idaho National Laboratory is home to more than 5,900 researchers and support staff focused on nuclear research, renewable energy systems and security solutions. The data breach did not affect employees hired after June 1, 2023. "It did not affect INL's own network, or other networks or databases used by employees, lab customers or other contractors," the breach notification says.

Oracle in a statement said data had been contained in a test environment and that the breach had "occurred offsite on a federally approved cloud-based system that contained INL data and that was supported by a subcontractor."

INL did not attribute the attack to any specific group. The self-proclaimed hacktivist group SiegedSec claimed responsibility for the breach.

The hacktivists allegedly earlier had stolen data from NATO's unclassified information-sharing platform, the Communities of Interest Cooperation Portal.

In February, the group took responsibility for posting apparent records of thousands of Atlassian employees, along with floor plans of the Australian company's offices. A review at the time revealed that hackers had obtained an employee credential through the third-party app that Atlassian used to coordinate in-office resources (see: Breach Roundup: Activision, SAS, Dole, Atlassian, VGTRK).


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.