Incident & Breach Response , Security Operations
45,000 Affected by Breach at Idaho National Laboratory
Breach Exposed Names, Social Security Numbers and SalariesThe Idaho National Laboratory said hackers stole personal data of more than 45,000 individuals connected with the facility following a self-proclaimed hacktivist group's claims of a breach last month.
See Also: Gartner Guide for Digital Forensics and Incident Response
The data theft stems from a Nov. 20 incident that affected the organization's cloud-based off-site Oracle HCM HR management system. The facility, one of more than a dozen that make up the U.S. national laboratory system, is investigating the full extent of the breach with the U.S. Cybersecurity and Infrastructure Security Agency and the FBI.
In a breach notification, the company identified the number of affected individuals as 45,047 current and former employees, including postdoctoral students, graduate fellows and interns, as well as their kin. The stolen data includes sensitive personal identifiable information, including names, Social Security numbers, salary information and banking details.
The Idaho National Laboratory is home to more than 5,900 researchers and support staff focused on nuclear research, renewable energy systems and security solutions. The data breach did not affect employees hired after June 1, 2023. "It did not affect INL's own network, or other networks or databases used by employees, lab customers or other contractors," the breach notification says.
Oracle in a statement said data had been contained in a test environment and that the breach had "occurred offsite on a federally approved cloud-based system that contained INL data and that was supported by a subcontractor."
INL did not attribute the attack to any specific group. The self-proclaimed hacktivist group SiegedSec claimed responsibility for the breach.
The hacktivists allegedly earlier had stolen data from NATO's unclassified information-sharing platform, the Communities of Interest Cooperation Portal.
In February, the group took responsibility for posting apparent records of thousands of Atlassian employees, along with floor plans of the Australian company's offices. A review at the time revealed that hackers had obtained an employee credential through the third-party app that Atlassian used to coordinate in-office resources (see: Breach Roundup: Activision, SAS, Dole, Atlassian, VGTRK).