Dept. Of Energy Breach: Bigger Than We Realized

[InfoSec News <alerts () infosecnews org>]

http://www.informationweek.com/security/attacks/dept-of-energy-breach-bigger-than-we-rea/240162952

By Mathew J. Schwartz
InformationWeek
October 22, 2013

The Department of Energy has revised its count of the number of people 
whose information was compromised in a July 2013 intrusion that resulted 
in the theft of personal information.

"The department has now identified approximately 104,179 past and current 
federal employees, including dependents and contractors, whose name, 
social security number, and date of birth were compromised by this cyber 
incident," says a July 2013 Cyber Incident FAQ released by the agency's 
Office of the CIO.

That data breach victim count more than doubles the number of records that 
the agency previously thought might have been compromised. Of the people 
affected, "64,480 are personnel within our direct DOE Federal and M&O 
[management and operating] Contractor Community, including spouses, 
dependents, and former employees," according to a memo distributed to DOE 
employees on Oct. 11, 2013. "The remainder are personnel from other 
federal agencies and support contractors."

The memo further disclosed that 2,800 employees who have their DOE salary 
directly deposited into their bank account had that bank account number 
compromised as well. The agency said it's been able to notify most -- but 
not all -- of those affected people, owing to the agency not having 
up-to-date address information on hand for some former employees.

[...]



--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/