More than 14,000 current and former Energy Department employees are at risk of identity theft. For a second time this year, DoE confirmed hackers broke into its unclassified computer network, which disclosed employees’ personally identifiable information (PII).
“Individual notifications to affected current employees will begin no later than this Friday, Aug. 16, and will be completed by Aug. 30,” stated an internal Energy Department email sent to employees earlier this week, which was obtained by Federal News Radio. “While a significant number of employees whose information may have been affected may no longer be employed by the department, it will be necessary to obtain current contact information in order to notify these personnel. The individual notification process for former employees will begin this week.”
DoE told employees it is working with federal law enforcement agencies to find out more about the hacking incident, which happened at the end of July.
“No classified data was targeted or compromised,” the email stated. “Once the full nature and extent of this incident is known, the department will implement a full remediation plan.”
Insight by Infor: This exclusive e-book highlights how the military services and defense agencies are rethinking their approach to managing their supply chains and how data is driving those decisions.
This is yet another in a growing list of hacking incidents for Energy in the last couple of years.
In February, Energy said the attack disclosed employee PII, but didn’t offer any details of how many or which parts of the agency were affected.
In June 2012, the FBI charged a man for trying to sell access to DoE’s network to an undercover agent.
In 2011, Energy’s lab went offline for almost two weeks after a cyber attack against the Northwest National Laboratory in Washington state limited Internet access and took down its website.
The Energy Inspector General reported in December that the department lacked a unified cybersecurity incident management strategy. Auditors said Energy maintained a number of independent, at least partially duplicative, cybersecurity incident management capabilities that created inefficiencies in the process and security of the network.
Since the report, Energy CIO Bob Brese told Federal News Radio in December he’s trying to modernize the agency’s network in layers and start up a new security operations center. Energy created a Joint Cybersecurity Coordination Center that consolidated its reporting and information sharing across all of DoE, including its labs and offices.
Former Energy Chief Information Security Officer Gil Vega said in April Energy faced a zero day attack earlier this year and responded quickly because of the cyber threat intelligence coming from the coordination center.