By RACHAEL KING
The United States Department of Energy notified employees via an email this week that hackers gained personal information, such as names and social security numbers, of 14,000 current and former agency employees as the result of a hack that occurred in late July.
This is the second attack this year that involved a breach of employee data.
While the department said in its memo that no classified data was compromised or targeted, obtaining personally identifiable information is one way that computer hackers use to gain access to computer systems containing critical assets. A spokesperson for the DOE confirmed that it had sent the memo on Wednesday.
Cyber attackers were able to access the information by hacking into a human resources system which included information such a payroll data, according to a person familiar with the matter.
In February, the DOE said intruders may have compromised personal data for several hundred employees.
These attacks are part of a larger, "long-term, intensive campaign to take over large numbers of systems to gain permanent access to sensitive US systems," Alan Paller, founder of cybersecurity research and education organization SANS Institute, told CIO Journal in February.
Once hackers have enough personal information about an employee, they might try to gain access to other systems. One method involves posing as the employee and contacting the IT department to request password resets to more sensitive systems, Mr. Paller said.
The DOE said it is working with law enforcement to investigate details of the incident. Individual notifications to affected current employees will begin Friday.
Dow Jones Newswires