More than 45,000 affected by cyberattack on Idaho nuclear research lab

Jason Macuray
The information of more than 45,000 people was leaked because of a cyberattack late last month at a federally run nuclear research lab.

In filings with regulators in [Maine](https://apps.web.maine.gov/online/aeviewer/ME/40/ff925db5-9987-4a47-a5bc-a89c94f794f5.shtml), Montana and Oregon, the Idaho National Laboratory (INL) said 45,047 employees, former employees, spouses and dependents had sensitive information stored on an “off-site data center” that was accessed by hackers on November 20.

The prominent U.S. Department of Energy nuclear research lab, based near Idaho Falls, is known for groundbreaking research into nuclear reactors, and currently has more than 5,700 employees.

“The event did not impact INL’s own network, or other networks or databases used by employees, lab customers or other contractors. The event continues to be investigated by federal agencies including the Department of Energy, Federal Bureau of Investigation, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency,” the facility said in breach notification letters.

“Though the matter is currently under investigation, this notice was not delayed as a result of law enforcement investigations. We can confirm that multiple forms of sensitive personally identifiable information (PII) including names, social security numbers, salary information and banking details were exposed for many individuals. Some individuals only had their names and dates of birth compromised. The compromised information contained payroll data for employees, former employees, and retirees that was current as of June 1, 2023.”

INL said once it discovered the hack, it immediately “worked to restrict access to the server that was involved in the breach, alerted federal law enforcement agencies, and began the process of confirming the individuals and the types of information that were compromised.”

The facility also claimed to have notified those impacted “through internal and external means.” Victims are being offered 12 months of identity protection services.

In statements to Recorded Future News at the time, INL confirmed that a hacktivist group infiltrated the organization’s systems and shared screenshots proving its access.

The group, known as SiegedSec, claimed to have leaked some of the information that was taken, including employee names, dates of birth, addresses, Social Security numbers and more. Recorded Future News checked the screenshots of the data and confirmed that the people listed work for the laboratory.

The hackers accessed “a federally approved cloud vendor system outside the lab” used for human resources services, a spokesperson said.

SiegedSec has made several hacking claims over the last year, some of which were confirmed and others which were proven false.

The group, which purports to launch its attacks for a variety of politically-motivated reasons, attacked unclassified websites run by the North Atlantic Treaty Organization (NATO) in October.

SiegedSec also attacked several state-run websites this summer, targeting platforms in Nebraska, South Dakota, Texas, Pennsylvania and South Carolina.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
