Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

A top US nuclear energy testing facility has been hit by a serious cyberattack and data breach

Zero-day attack.

The Idaho National Laboratory (INL), a US government nuclear research center that works on the development, demonstration, and deployment of nuclear energy, has confirmed suffering a cyberattack and data theft.

Speaking to local media outlet East Idaho News, INL spokesperson Lori McNamara said the data breach affected servers “supporting its Oracle HCM system, which supports its Human Resources applications,” BleepingComputer reports. “INL has taken immediate action to protect employee data," McNamara added.

"INL has been in touch with federal law enforcement agencies, including the FBI and the Department of Homeland Security's Cyber Security and Infrastructure Security Agency to investigate the extent of data impacted in this incident."


Announcing the breach

At the same time, hacktivists SiegedSec took responsibility for the attack, leaking the stolen data on its Telegram channel. Allegedly, the group is not interested in any ransom payment or anything of the sort. The data it published includes employee names, birth dates, email addresses, phone numbers, Social Security Numbers (SSN), postal addresses, and employment information on “hundreds of thousands” of people. Not only is this enough for identity theft or phishing attacks, this information can be used for wire fraud, too.

SiegedSec also posted screenshots of the tools INL allegedly uses in-house to access documents and create announcements. In fact, it created a custom announcement and notified all employees of the data breach.

The INL has more than 5,000 employees, including experts in atomic energy, integrated energy, and national security. 

As per BleepingComputer, INL currently works on next-gen nuclear plants, light water reactors, control systems cybersecurity, advanced vehicle testing, bioenergy, robotics, nuclear waste processing, and more.

We last heard of SiegedSec in February this year, when it leaked Atlassian workers’ sensitive data. In that incident, the group used stolen credentials to access Envoy, a third-party app that Atlassian uses for the coordination of in-office resources.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.