Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

U.S. Dept. of Energy reports second security breach

From: InfoSec News <alerts () infosecnews org>
Date: Mon, 19 Aug 2013 06:30:15 +0000 (UTC)
http://www.csoonline.com/article/738230/u.s.-dept.-of-energy-reports-second-security-breach

By Steve Ragan
Staff Writer
CSO Online
August 16, 2013
In a letter sent to employees on Wednesday, the U.S. Department of Energy (DOE) disclosed a security incident, which resulted in the loss of personally identifying information (PII) to unauthorized individuals. This is the second time this year such a breach has occurred. The letter, obtained by the Wall Street Journal, doesn't identify the root cause of the incident, or provide much detail, other than the fact that no classified data was lost.
"The Department of Energy has confirmed a recent cyber incident that occurred at the end of July and resulted in the unauthorized disclosure of federal employee Personally Identifiable Information (PII)...We believe about 14,000 past and current DOE employees
Back in February, the DOE disclosed a similar incident where PII was lost. In addition, that incident also included the compromise of 14 servers and 20 workstations. At the time, officials blamed Chinese hackers, but two weeks earlier a group calling itself Parastoo (a common girls name in Farsi) claimed they were behind the breach, posting data allegedly taken from a DOE webserver (including a copy of /etc/passwd and Apache config files) as proof.
In this most recent case, the motive behind the attack may be something simple, such as data harvesting, since PII is rather valuable to criminals. Or it may be something else entirely. 

[...]



--
Find the best InfoSec talent without breaking your budget!
Post a Job! $99 for 31 days
http://www.hotinfosecjobs.com/
Previous By Date Next
Previous By Thread Next

Current thread: