November 22, 2023 at 12:40PM
The Idaho National Laboratory (INL), a US Department of Energy national lab, experienced a significant data breach on November 19. Employee information, including addresses, Social Security numbers, and bank account details, were leaked. The breach impacted the Oracle HCM system servers that support INL’s Human Resources applications. An investigation involving the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is currently underway. SiegedSec claimed responsibility for the attack and leaked stolen information on hacking forums. The INL is working to gather more information and communicate with its employees.
During the meeting, it was discussed that the Idaho National Laboratory (INL) recently experienced a major data breach on November 19. The breach resulted in the leak of various sensitive information, including employee addresses, Social Security numbers, bank account information, full names, employee details, and dates of birth. INL is one of the 17 national labs within the US Department of Energy complex and has over 6,100 researchers focusing on nuclear research, renewable energy systems, and security solutions.
The breach specifically targeted the laboratory’s Oracle HCM system servers, which support its Human Resources applications, according to INL media spokesperson Lori McNamara. In response to the breach, INL is collaborating with the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to launch an investigation and determine the extent of the breach’s impact.
SiegedSec, a hacking group, has claimed responsibility for the attack and made an announcement on hacking forums. They have also leaked the stolen information, including what they assert is “hundreds of thousands of user, employee, and citizen data.” Screenshots of internal INL tools were allegedly posted by the group on Telegram to provide evidence of the breach.
Though it has been reported that no nuclear secrets, intellectual property, or research and development (R&D) information were accessed or stolen, security engineer Colin Little from Centripetal expressed concern about the leakage of staff information involved in advanced Nuclear Energy R&D. Little mentioned that individuals with political motivations now have access to the names and addresses of top Nuclear Energy researchers in the US.
INL is currently in the process of gathering information and plans to communicate further with its employees as soon as possible regarding the breach.