WASHINGTON (Reuters) - The Department of Energy’s electronics network was attacked by hackers in mid-January but no classified data was compromised, the agency said in a letter to employees.
The attack “resulted in the unauthorized disclosure of employee and contractor Personally Identifiable Information,” the Energy Department said in the letter, which was received by employees at its headquarters in Washington late on Friday and obtained by Reuters on Monday.
The department said it was working with federal law enforcement to gather more information on the nature and scope of the attacks and assess the potential impact on staff and contractors. “Based on the findings of this investigation, no classified data was compromised,” the letter said.
Government agencies are required to disclose details when confidential personal data has been hacked. But there are no laws requiring them to disclose information when classified data is raided by hackers.
It was not clear which divisions at the agency’s headquarters were breached in the attack, and it was also uncertain who the hackers were or where they were based.
A department spokesman declined to comment, and a spokesman for the Energy Information Administration, which publishes data that helps keep oil, gas and electricity markets stable, deferred to DOE headquarters.
Government agencies and contractors handling classified information are supposed to use special safeguards to protect classified information from disclosure.
The most highly classified information, such as intelligence information, is supposed to be stored on systems that are completely isolated from the Internet.
Over the years, flaws in the systems for handling classified information have emerged, however. In the past, Energy Department installations that design and build nuclear weapons, including the Los Alamos National Lab in New Mexico, have faced scandals over alleged mishandling of classified information.
In 2006, for example, after raiding a house trailer containing a suspected small methamphetamine lab, local police found three computer memory sticks containing classified information downloaded from the Los Alamos lab’s computers.
One of the largest security scandals in modern U.S. history, the leaking of hundreds of thousands of State Department cables and military reports to the website WikiLeaks, allegedly occurred because, in an effort to share intelligence more widely with operations in the field, agencies sent classified reports electronically to battlefield intelligence units, where data protection measures were lax.
Among the material obtained by WikiLeaks, however, not a single document that has surfaced to date was classified higher than “secret” - a fairly low-grade classification. Intelligence officials were not particularly alarmed by the WikiLeaks leaks because none of their truly sensitive material was leaked.
In late 1999, a Los Alamos nuclear weapons scientist born in Taiwan, Wen Ho Lee, was arrested and indicted for allegedly mishandling classified information from the lab. However, prosecutors ultimately dropped all but one charge against him, to which he pleaded guilty, and the case ended with Lee receiving settlement payments from the government and some news organizations.
The Energy Department said in its letter that it was increasing monitoring across its networks and deploying tools to protect sensitive assets.
Additional reporting by Mark Hosenball in Washington and Jim Finkle in Boston; Editing by Dan Grebler