More than 45,000 affected by cyberattack on Idaho nuclear research lab

The information of more than 45,000 people was leaked because of a cyberattack late last month at a federally run nuclear research lab.

In filings with regulators in Maine, Montana and Oregon, the Idaho National Laboratory (INL), said 45,047 employees, former employees, spouses and dependents had sensitive information stored on an “off-site data center” that was accessed by hackers on November 20.

The prominent U.S. Department of Energy nuclear research lab, based near Idaho Falls, is known for groundbreaking research into nuclear reactors, and currently has more than 5,700 employees.

“The event did not impact INL’s own network, or other networks or databases used by employees, lab customers or other contractors. The event continues to be investigated by federal agencies including the Department of Energy, Federal Bureau of Investigation, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency,” the facility said in breach notification letters.

“Though the matter is currently under investigation, this notice was not delayed as a result of law enforcement investigations. We can confirm that multiple forms of sensitive personally identifiable information (PII) including names, social security numbers, salary information and banking details were exposed for many individuals. Some individuals only had their names and dates of birth compromised. The compromised information contained payroll data for employees, former employees, and retirees that was current as of June 1, 2023.”

INL said once it discovered the hack, it immediately “worked to restrict access to the server that was involved in the breach, alerted federal law enforcement agencies, and began the process of confirming the individuals and the types of information that were compromised.”

The facility also claimed to have notified those impacted “through internal and external means.” Victims are being offered 12 months of identity protection services.

In statements to Recorded Future News at the time, INL confirmed that a hacktivist group infiltrated the organization’s systems and shared screenshots proving its access.

The group, known as SiegedSec, claimed to have leaked some of the information that was taken, including employee names, dates of birth, addresses, Social Security numbers and more. Recorded Future News checked the screenshots of the data and confirmed that the people listed work for the laboratory.

The hackers accessed “a federally approved cloud vendor system outside the lab” used for human resources services, a spokesperson said.

SiegedSec has made several hacking claims over the last year, some of which were confirmed and others which were proven false.

The group, which purports to launch its attacks for a variety of politically-motivated reasons, attacked unclassified websites run by the North Atlantic Treaty Organization (NATO) in October.

SiegedSec also attacked several state-run websites this summer, targeting platforms in Nebraska, South Dakota, Texas, Pennsylvania and South Carolina.