By RACHAEL KING
The United States Department of Energy notified employees
via an email this week that hackers gained personal
information, such as names and social security numbers, of
14,000 current and former agency employees as the result of a
hack that occurred in late July.
This is the second attack this year that involved a breach of
While the department said in its memo that no classified
data was compromised or targeted, obtaining personally
identifiable information is one way that computer hackers use
to gain access to computer systems containing critical assets.
A spokesperson for the DOE confirmed that it had sent the memo
Cyber attackers were able to access the information by hacking
into a human resources system which included information such a
payroll data, according to a person familiar with the
In February, the DOE said intruders may have compromised
personal data for several hundred employees.
These attacks are part of a larger, "long-term, intensive
campaign to take over large numbers of systems to gain
permanent access to sensitive US systems," Alan Paller, founder
of cybersecurity research and education organization SANS
Institute, told CIO Journal in February.
Once hackers have enough personal information about an
employee, they might try to gain access to other systems. One
method involves posing as the employee and contacting the IT
department to request password resets to more sensitive
systems, Mr. Paller said.
The DOE said it is working with law enforcement to
investigate details of the incident. Individual notifications
to affected current employees will begin Friday.
Dow Jones Newswires