The United States Department of Energy has now confirmed that its computer systems were hacked into last month. Federal law doesn’t require such disclosure unless personal information is stolen as a result of the breach but in this case that did indeed occur.
According to The New York Times, the agency told its employees about the attack last Friday by way of an internal email –
“The Department of Energy (DOE) has just confirmed a recent cyber incident that occurred in mid-January which targeted the Headquarters’ network and resulted in the unauthorized disclosure of employee and contractor Personally Identifiable Information (PII).”
New York Times blog
The agency are currently working on figuring out the scale and nature of the attack but doesn’t currently believe that any classified data was stolen. It is also unclear at this time just which divisions of the Department of Energy were attacked.
Also, the identity of the attacker(s) is currently not known though I wouldn’t be at all surprised if China gets thrown into the mix as a possibility before too long, given all the press about their supposed attacks on US sites over the last week or so. That said, I think there is at least a possibility of the attack originating closer to home – after all, energy data could be extremely useful to anyone trading in futures.
The Department of Energy have now promised to enhance their security, focusing on better monitoring and the deployment of new tools to help protect its assets on its servers.