The Idaho National Laboratory (INL), a nuclear energy testing lab, has suffered a massive data breach after a hacktivist group called SiegedSec leaked sensitive employee data online.
The INL is a science-based, applied engineering national laboratory dedicated to supporting the US Department of Energy's missions in energy research, nuclear science and national defense. The lab has numerous alternative energy and national security programs and hosts a variety of unique facilities, including the Advanced Test Reactor National Scientific User Facility.
Earlier this week, SiegedSec announced it had gained access to INL data, including details on “hundreds of thousands” of employees, system users, and citizens. The group has published the data on hacker forums and on their Telegram channel.
The data allegedly included full name, date of birth, email address, phone number, Social Security number, address, and employment information.
The INL spokesperson has confirmed the breach and said that it impacted its Oracle HCM system, a cloud-based workforce management platform that provides payroll and other human resources solutions.
“Earlier this morning, Idaho National Laboratory determined that it was the target of a cybersecurity data breach, affecting the servers supporting its Oracle HCM system, which supports its Human Resources applications. INL has taken immediate action to protect employee data,” INL media spokesperson Lori McNamara told EastIdahonews. “INL has been in touch with federal law enforcement agencies, including the FBI and the Department of Homeland Security’s Cyber Security and Infrastructure Security Agency to investigate the extent of data impacted in this incident.”
The INL didn’t say whether the incident affected any systems containing classified information or nuclear research.