The personal information of 12,000 Savannah River Site employees may have been compromised, according to the Department of Energy.
The DOE is reporting there has been no classified information taken from the top secret, nuclear weapons complex site. However, DOE officials said they remain in the dark over who perpetrated the leak and why the information was taken.
DOE officials would not yet release details on when the breach happened.
“Based on preliminary reviews, it is estimated that PII (Personal Identifying Information) for over 12,000 individuals may have been affected,” a document released last week to employees reads. “The Savannah River Site's Cyber Security Team identified this unauthorized disclosure of PII. Initial indications are that this disclosure was not the result of a cyber-intrusion and no classified data was compromised.”
The response and the data breach is reminiscent of that which is currently affecting millions of South Carolinians after the Department of Revenue lost taxpayer's personal information to hackers. However, this is not a “hack” of data, DOE officials said.
Site management and operations contractor Savannah River Nuclear Solutions has had problems with software improvements and the management of software projects within the last year, according to reviews released in recent months.
Financial management software upgrades and improvements to software that tracks classified information were not as needing to be improved, according to reviews.
More details on the breach are not being released at this time, as this incident is currently under investigation by the Office of the Inspector General.
“While we do not know the intent of the unauthorized disclosure of PII, DOE has encouraged Site employees to be vigilant in monitoring financial transactions and emails or phone calls relating to such personal transactions, directing them to available consumer resources for ensuring privacy and identity protection, and establishing an email account to receive employee inquiries.”
David Moody, manager of DOE-Savannah River, said, “DOE is strongly committed to protecting the integrity of each employee's personally identifiable information and takes any unauthorized disclosure very seriously. As more specific information is obtained, the Department will make this available to employees.”
While the Inspector General's investigation is ongoing, DOE is “evaluating additional security technologies to take aggressive steps to reduce the likelihood that unauthorized disclosures of PII could occur again,” documents state.
The steps include “working with public and private sector partners to further harden our networks; conducting deep network scans to ensure that no malware was installed; and, reviewing cost-effective, technical solutions that enable stronger data protection,” according to the release to employees.