Two weeks ago, the Energy Department announced it had been hacked in July, exposing roughly 14,000 federal employees’ personal information.
It’s now much worse than that.
DOE officials have confirmed that the name, Social Security number and date of birth for approximately 53,000 former and current federal employees were actually compromised in the incident.
“Based on the findings of the department’s ongoing investigation into this incident, we do believe [personally identifiable information] theft may have been the primary purpose of the attack,” the department wrote in a memo, without elaborating on exactly how the breach occurred.
When the incident was initially announced, the agency said it would notify all current affected employees by Aug. 30. But DOE is still notifying previous employees of their exposure until Sept. 15. After that, “you should assume it is unlikely your [information] was affected,” the memo said.
To head off fraud or identity theft, the department is offering the affected employees a year of free credit monitoring services.
The incident is just one of an increasing number of cyber-attacks across the government. A White House report in March of this year said computer security incidents affecting the federal government were up 5 percent from 2011 to 2012.
Even more attention was brought to the issue when the hacking group Anonymous posted what it claimed were 2,000-plus congressional staffers’ usernames and passwords for a constituent contact system. But the list was later revealed to be of dubious veracity.