Idaho National Laboratory reports data breach, exposes employee data

published: Nov. 20, 2023


Idaho National Laboratory (INL), one of the national laboratories of the United States Department of Energy, has reported a significant cybersecurity incident and data breach. The breach resulted in the unauthorized disclosure of critical personal information of INL employees.

The compromised system is INL's Oracle HCM, a platform integral to the laboratory's Human Resources functions. In response to the breach, INL has taken decisive measures aimed at safeguarding employee data and is collaborating with the FBI as well as the Cybersecurity and Infrastructure Security Agency.

A hacktivist group called SiegedSec, with apparent political motivations, has stepped forward on various social media platforms, asserting responsibility for the breach. On Twitter, SiegedSec claimed that it obtained “hundreds of thousands of user, employee and citizen data” in the hack, including full names, dates of birth, email addresses, phone numbers, Social Security numbers, addresses, employment information and “lots lots more!” The group is also sharing a link to the files.

SiegedSec has previously conducted a high-profile attack on NATO, leaking internal documents in retaliation against NATO member countries for their supposed attacks on human rights. The group commonly attacks government and affiliated organizations for political reasons, such as targeting state governments for passing anti-trans legislation earlier this year.

According to INL, the leaked data encompasses a range of sensitive details, including but not limited to:

  • employees' residential addresses,
  • Social Security numbers,
  • details of bank accounts.

News sites were able to access, download, and verify the authenticity of the hacked data, which affects a significant number of local employees. They found that the leaked data is a much larger data set than the one reported by INL and included:

  • names,
  • birth dates,
  • email addresses,
  • phone numbers,
  • Social Security numbers,
  • physical addresses,
  • employment details.

A file provided to news sites, listing active employee Social Security numbers, contained over 6,000 entries, surpassing INL's reported employee count of approximately 5,500 as of October 2022. Additionally, a comprehensive file encompasses over 58,000 lines of data covering current, retired, and former employees. Some data in the leaked files were updated as recently as October 31, 2023, and further categories of information hinted at in screenshots suggest the breach may extend beyond the data initially reviewed.

No official details are available about the number of affected individuals or the nature of the attack. INL is still in the process of collating comprehensive information and has committed to updating its employees with guidance and next steps.

Update - As of 1st December 2023, the total number of people impacted by the leak remains unknown, but it numbers in the thousands of current and former local workers. The INL’s new webpage about the breach specifies the data was stolen from current and former employees of Battelle Energy Alliance, the contractor that manages Idaho National Laboratory. This includes information about interns and postdoctoral students. The leak also included data about the spouses and dependents of employees.
Additionally, anyone employed by the Idaho Cleanup Project between 2005 and mid-2006 may have been impacted by the breach.
