A leading US laboratory famed for cybersecurity, nuclear and clean energy research has reportedly suffered a major breach of employee data.
Dating back to the 1940s, Idaho National Laboratory (INL) is responsible for generating the first usable electricity from nuclear power and developing the first nuclear propulsion systems for nuclear submarines and aircraft carriers.
More recently, it claims to have become “a world leader in securing critical infrastructure systems,” and particularly industrial control systems.
However, local reports claim the facility suffered a massive data breach affecting its HR systems on Sunday night.
“Earlier this morning, Idaho National Laboratory determined that it was the target of a cybersecurity data breach, affecting the servers supporting its Oracle HCM system, which supports its human resources applications,” spokesperson Lori McNamara told EastIdahoNews.com.
“INL has taken immediate action to protect employee data. INL has been in touch with federal law enforcement agencies, including the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to investigate the extent of data impacted in this incident.”
An unnamed hacktivist group has claimed responsibility for the incident on social media, after claiming to have obtained “hundreds of thousands” of data points from the INL. This reportedly includes dates of birth, email addresses, phone numbers, Social Security numbers, physical addresses and employment information.
As one of 17 US Department of Energy national labs, INL is said to be home to over 6000 researchers and support staff.
Token CEO, John Gunn, argued that 90% of data breaches stem from a successful phishing attack, with legacy multi-factor authentication (MFA) often to blame.
“So many headlines and so many breached companies – and all from the same vulnerability,” he added. “It will only get worse as cyber-criminals expand their use of AI.”
Image credit: Michael Vi / Shutterstock.com