The Department of Energy has revealed that a breach of personal information at the agency back in July of this year compromised more than twice the records initially thought to have been exposed.
The breach was first discovered in mid-August, and the agency estimated the number of records compromised to be about 14,000, but increased the estimate to about 53,000 near the end of the month. Th agency no estimates the compromised records to be much higher than first thought.
“As part of the ongoing investigation, the Department is determining which individuals Personally Identifiable Information (PII) was affected. The department has now identified approximately 104,179 past and current federal employees, including dependents and contractors, whose name, social security number, and date of birth were compromised by this cyber incident,” the agency said in a FAQ release.
The breach was tied to the DOEInfo system, an employee database run by the agency’s Office of the Chief Financial Officer which was said to be out of date and susceptible to attack due to the lack of patch updates against known vulnerabilities.
“Based on the findings of the Department’s ongoing investigation into this incident, we do believe PII theft may have been the primary purpose of the attack. Accordingly, the Department encourages each affected individual to be extra vigilant and to carefully monitor bank statements, credit card statements, emails and phone calls relating to recent financial transactions,” the agency warned.
Read More Here…