Department Of Energy Confirms Data Breach

Published: 22/11/2024   Category: security


Attackers targeted employees' personal data, rather than top secret energy or nuclear information, investigators say.



Online attackers successfully penetrated the Department of Energy (DOE) network in the middle of January and obtained copies of personally identifiable information (PII) pertaining to several hundred of the agency's employees and contractors.
The agency first detailed the cybersecurity incident, which affected the network at the agency's headquarters, in a memo circulated to all employees Friday. "We believe several hundred DOE employees' and contractors' PII may have been affected. As individual affected employees are identified, they will be notified and offered assistance on steps they can take to protect themselves from potential identity theft," according to the memo.
The DOE has launched a full-scale investigation into the breach, involving its Joint Cybersecurity Coordination Center, or JC3, which helps the agency track and report on all attacks launched against the agency, as well as the DOE's Office of Health, Safety and Security and Inspector General's office, together with one or more federal law enforcement agencies.
So far, the memo noted, "based on the findings of this investigation, no classified data was compromised."
According to Alan Paller, director of research for the SANS Institute, the DOE was subjected to a long-term, intensive campaign designed to compromise both its headquarters systems and the systems used by its labs, which is where the majority of the agency's most sensitive work takes place. "The first time we saw hard evidence was in 2002 in attacks against Los Alamos," he said via email, referring to the agency's Los Alamos National Laboratory.
The DOE promised to release more details about this breach as they become known, and said that "once the full nature and extent of this incident is known, the Department will implement a full remediation plan," as part of what it said would be "an aggressive effort to reduce the likelihood of these events occurring again."
"These efforts include leveraging the combined expertise and capabilities of the Department's Joint Cybersecurity Coordination Center to address this incident, increasing monitoring across all of the Department's networks and deploying specialized defense tools to protect sensitive assets," according to the memo.
A DOE official, reached by phone, shared a copy of the memo that had been distributed to employees, but said the agency had no further comment on the breach or the investigation, beyond what was already detailed in the memo.
Interestingly, the DOE memo urged all employees to help minimize impacts and reduce any potential risks by encrypting all files and emails that contained PII, including files stored on hard drives or on the shared network. That request suggests that the agency has yet to implement or mandate the use of full-disk encryption tools for all employees and contractors.
"DOE is as good or better than any civilian agency on encryption and sadly they are not very far along at all," said Paller.
Why might attackers have targeted PII for agency employees and contractors? One obvious answer would be to help the attackers design better social engineering attacks, and in particular spear-phishing attacks, of the type that successfully compromised security company RSA in 2011. Such attacks use personalized emails to trick users into opening malicious attachments, which, if not then blocked by information security defenses, can allow attackers to establish a virtual beachhead in the targeted network, and then expand their attack from there to find and steal sensitive data from other systems.
Despite that threat, could this DOE breach have upsides? "The thing that is most interesting to me is the difference between this attack response and nearly every other federal response," said Paller. "Here the top management and the CIO are actively seeking to understand it with a full commitment to fixing the underlying patterns that enabled the attack (that is very rare). The only other government agencies I know [of] that have demonstrated this type of leadership are in Australia."
As a result, the DOE breach may now spur more U.S. federal agencies to improve their cybersecurity posture. "I am really sorry this happened, but it may be catalytic for more rapid improvement of cybersecurity in the U.S.," said Paller. "Given the talent available in the labs, I expect DOE will be an important agent of valuable improvement for the government and critical infrastructure in the U.S."
