Department of Energy Hacked Again

[Lee J <lee () riskbasedsecurity com>]

http://blogs.wsj.com/cio/2013/08/15/department-of-energy-hacked-again/?mod=WSJ_LatestHeadlines

The United States Department of Energy notified employees via an email
Wednesday that hackers gained personal information, such as names and
social security numbers, of 14,000 current and former agency employees as
the result of a hack that occurred in late July. This is the second attack
this year that involved a breach of employee data.

While the agency said in its memo that no classified data was compromised
or targeted, obtaining personally identifiable information is one way that
computer hackers use to gain access to computer systems containing critical
assets. A spokesperson for the DOE confirmed that it had sent the memo on
Wednesday. Cyber attackers were able to access the information by hacking
into a human resources system which included information such a payroll
data, according to a person familiar with the matter.

In February, the agency
said<http://blogs.wsj.com/cio/2013/02/04/department-of-energy-hacked/>
intruders
may have compromised personal data for several hundred employees.

[..]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.