The U.S. Department of Energy said Monday that
personal information about several hundred employees and contractors was
stolen in a mid-January hack, but that no classified information was
compromised.
The agency is working with federal law enforcement and other
agencies "to promptly gather detailed information on the nature and
scope of the incident and assess the potential impacts to DOE staff and
contractors," according to an internal DOE letter that was circulated
Friday and released by the agency on Monday.
"As individual affected employees are identified, they will be
notified and offered assistance on steps they can take to protect
themselves from potential identity theft," the letter said. "Once the
full nature and extent of this incident is known, the department will
implement a full remediation plan."
The DOE, which has a budget of more than US$20 billion, is
responsible for a wide range of policies governing U.S. energy
production and use, as well as overseeing the safety and reliability of
the nation's nuclear weapons arsenal.
The attacks follow a wave of cyberattacks that have struck
prominent corporations and governments around the world. Last week, The
New York Times and The Wall Street Journal said hackers infiltrated their IT systems in an apparent attempt to monitor reporting on China.
In recent years, companies including Google, RSA and Symantec
have also been attacked, illustrating that even companies with
high-level computer security expertise face challenges in defending
their networks.
The DOE said it is "leading an aggressive effort to reduce the likelihood of these events occurring again."
The agency has a Joint Cybersecurity Coordination Center that
will be "increasing monitoring across all of the department's networks
and deploying specialized defense tools to protect sensitive assets."
Also studying the attack is the DOE's Cybersecurity Team, the
Inspector General's office, and the Office of Health, Safety and
Security, the DOE said.
