Energy Department HQ Computers Hacked

Personal Data of Hundreds of Employees, Contractors Exposed
Energy Department HQ Computers Hacked

The U.S. Department of Energy confirms that hackers penetrated its headquarters computer network in mid-January, and the personally identifiable information of several hundred department employees and contractors was exposed.

See Also: On Demand | 2024 Report Findings: Security & Productivity in the Age of AI

DoE officials remained mute about the incident until a Feb. 1 memo sent to employees and contractors describing the breach was leaked this week.

In a statement, DoE says the department's cybersecurity team, the Office of Health, Safety and Security and the Inspector General's office are working with federal law enforcement to promptly gather detailed information on the nature and scope of the incident and assess the potential impacts to DoE staff and contractors. Based on the findings of this investigation, the statement says, no classified data were compromised.

The department says it will implement a full remediation plan once the full nature and extent of the incident is known.

Energy officials promise to make an "aggressive effort" to reduce the likelihood of these events occurring again. These efforts include leveraging the combined expertise and capabilities of DoE's Joint Cybersecurity Coordination Center to address this incident, increasing monitoring across all of the department's networks and deploying specialized defense tools to protect sensitive assets, the statement says.

In the memo to employees and contractors, DoE pledges to notify each individual whose PII was exposed and offer assistance on steps they can take to protect themselves from potential identity theft.

DoE, in the memo, reminds stakeholders to follow best practices, including encrypting all files and e-mails containing personal or sensitive information, including files stored on hard drives or on the shared network, not storing or e-mailing non-government related PII on DoE network computers.

"Cybersecurity is a shared responsibility," the memo says, "and we all play an important role in maintaining the integrity and security of our networks."

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.