Federal agencies investigating data breach at nuclear research lab

A prominent nuclear research lab within the U.S. Department of Energy is continuing to investigate a data breach after a hacktivist group said it infiltrated the organization’s systems and shared screenshots proving their access.

Idaho National Laboratory, which conducts groundbreaking research into nuclear reactors, has more than 5,700 employees and is based near Idaho Falls.

On Sunday, the SiegedSec hacktivist group claimed to have attacked the organization and leaked some of the information that was taken, including employee names, dates of birth, addresses, Social Security numbers and more. Recorded Future News checked the screenshots of the data and confirmed that the people listed work for the laboratory.

A spokesperson for the organization initially told local news outlet EastIdahoNews.com on Monday that it was the target of a data breach that affected “the servers supporting its Oracle HCM [Human Capital Management] system, which supports its Human Resources applications.”

Spokesperson Lori McNamara added that they contacted law enforcement agencies like the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) for help with the investigation.

In updates sent to Recorded Future News, McNamara said they are continuing to investigate the breach that occurred on November 20 “in a federally approved cloud vendor system outside the lab” used for human resources services.

“As the investigation progresses, INL has advised employees to follow best cybersecurity practices to keep their information safe such as: establishing a credit freeze, monitoring financial accounts (bank, credit card, shopping) for suspicious activity, and updating passwords or implementing multifactor authentication,” she said.

“INL is in the process of establishing a contract to provide a no-cost credit monitoring service for employees potentially impacted by the breach. More information will be shared as details are confirmed.”

In another statement, McNamara said they took “immediate action to protect employee data” while coordinating with federal law enforcement agencies.

The SiegedSec hackers posted another message on Telegram on Wednesday afternoon, taunting the organization and claiming to have attacked another local government in the U.S.

SiegedSec has made several hacking claims over the last year, some of which were confirmed and others which were proven false.

The group, which purports to launch its attacks for a variety of politically-motivated reasons, attacked unclassified websites run by the North Atlantic Treaty Organization (NATO) last month.

SiegedSec also attacked several state-run websites this summer, targeting platforms in Nebraska, South Dakota, Texas, Pennsylvania and South Carolina.

A week later, the group claimed to have attacked government systems run by the city of Fort Worth, Texas, but officials later determined that much of that information was already publicly available.

SiegedSec claimed it hacked the governments of Arkansas and Kentucky last year after the state banned abortion following the Supreme Court decision to overturn Roe v. Wade, but state officials also confirmed that the group simply downloaded publicly available record data.