Data not 'improperly distributed'

The personal information of some 12,000 Savannah River Site employees stolen earlier this year was not “improperly distributed,” though it was found in the hands of a Site employee.

In an email distributed to SRS employees Monday, Dr. David Moody, manager of the Department of Energy-owned site, said the picture of the compromising of personally identifiable information has become clearer.

The Savannah River Site's Cyber Security Team identified the unauthorized disclosure of personally identifiable information in March, indicating this was not the result of a cyber-intrusion. This would mean someone from within the secure walls of SRS had accessed the information.

“I want to take this opportunity to follow up on my March 5 Savannah River Site employee communication,” Moody wrote. “The event that triggered the message was the discovery of personally identifiable information in the possession of an SRS employee. The circumstances surrounding the possession have since been clarified; there is no indication that the employee improperly distributed or compromised your PII.”

In March, the personal information of 12,000 employees was reported to have been compromised, but DOE stressed that no classified information was taken from the top-secret, nuclear weapons complex site.

DOE officials would not, at that time, release details of the breach as the incident was under investigation by the Office of the Inspector General. The Inspector General has not yet released any of its findings publicly.

“I hope this provides you with some clarity, and I trust this message addresses any concerns you may have had related to this PII incident,” Moody ended his message.

Requests for more information on the data theft were not answered Monday.