US Department of Energy Hacked; Employee Data Lost

The United States Department of Energy has been attacked by hackers. The unknown assailants reportedly gained access to employee personal information.

News agency Reuters recently acquired a letter between the US Department of Energy (DOE) and its employees. In that letter, the DOE admits that the attack "resulted in the unauthorized disclosure of employee and contractor Personally Identifiable Information."

Employee Personal Data Lost to Hacker

The letter indicated that employee and contractor personal information was lost. However, it also noted that none of the stolen information was classified.

Reports suggest that the attack occurred during the middle of January 2013. However, it remains unknown who was behind the attack or what motivated the security breach. (Source: dailytech.com)

It's also not clear if the attack targeted a specific sub-agency within the DOE, such as the Energy Information Administration (which publishes data related to the oil, gas, and electricity markets).

Critics Question DOE Security

The attack is sure to provoke new claims that the Department of Energy suffers from weak cyber security.

These criticisms have been made before, and specifically after USB memory drives containing sensitive DOE documents were discovered in an illegal methamphetamine lab in 2006. Why the drug producers had these documents in their possession remains unclear.

In the letter acquired by Reuters, the Department of Energy promises its employees that it will do a better job of protecting sensitive information in the future.

"These efforts include leveraging the combined expertise and capabilities of the Department's Joint Cybersecurity Coordination Center to address this incident, increasing monitoring across all of the Department's networks and deploying specialized defense tools to protect sensitive assets," the letter noted. (Source: cnet.com)

The DOE letter also said that the agency was currently setting live new tools designed to keep its servers safe from cyber attack. It also promised to "implement a full remediation plan" once "the full nature and extent of this incident is known."