US Nuclear Lab Data Breach: 45,000 People Impacted by Shocking Cyber Attack

Did you know that the personal information of more than 45,000 individuals was stolen in a recent cyber attack? Just last month, the Idaho National Laboratory (INL) confirmed that attackers breached its cloud-based Oracle HCM HR management platform and made off with a treasure trove of sensitive data.

Who is INL and why does this matter?

As one of the 17 U.S. Department of Energy’s (DOE’s) national laboratories, INL employs over 6,100 researchers and support staff involved in vital national security and nuclear research. So, you can imagine that any security breach affecting this prestigious research lab is a cause for concern.

On November 20, INL acknowledged the “cybersecurity data breach” that impacted its off-site Oracle HCM system just one day earlier. As we speak, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are conducting a joint investigation to determine the full impact of this breach.

How many people were affected?

According to breach notification letters filed with the Maine Attorney General’s Office, the attackers managed to exfiltrate the data of 45,047 current and former employees (including postdocs, graduate fellows, and interns), as well as their dependents and spouses. However, the breach did not affect employees hired after June 1, 2023.

The laboratory is still investigating the full impact of the incident, but they have confirmed that multiple forms of sensitive personally identifiable information (PII) were affected, including names, social security numbers, salary information, and banking details.

Thankfully, INL’s own network and other networks or databases used by employees, lab customers, or contractors were not impacted. The breach only affected the cloud-based Oracle HCM test environment that resides off-site. INL stated, “A well-known hacking organization has taken responsibility via social media, but a full investigation must be completed to confirm this information.”

Who’s behind the attack?

While INL hasn’t officially attributed the attack to a specific group, the hacktivist group SiegedSec claimed responsibility for the attack on November 20 and leaked stolen human resources data on a hacking forum.

Interestingly, SiegedSec made no attempt to negotiate or demand a ransom from INL. Instead, they directly published the stolen data online, just as they had done previously with data allegedly stolen from NATO and Atlassian.

The group provided evidence of their access to INL’s systems by sharing a custom announcement they made using INL’s system to notify everyone on the campus, along with screenshots of internal INL tools. SiegedSec claims the leaked data includes a wide range of sensitive information, such as full names, dates of birth, email addresses, phone numbers, Social Security Numbers (SSN), physical addresses, and employment information.

What can you do to protect yourself?

This latest breach serves as a stark reminder of the importance of cybersecurity in today’s digital age. To keep your personal information safe, it’s essential to stay informed and vigilant. Make sure you’re using strong, unique passwords for each of your online accounts, enabling multi-factor authentication when possible, and keeping your devices updated with the latest security patches.

And if you’re worried about cybersecurity or think your business could benefit from expert advice, don’t hesitate to contact us. We’re here to help you navigate the ever-evolving world of cybersecurity and keep your valuable data protected. So, keep coming back to learn more and stay ahead of the game!