Nuclear Research Lab Data Breach Compromises Personal Information of 45K Individuals

After confirming the cyberattack incident in November 2023, the Idaho National Laboratory (INL) went on to disclose that hackers had stolen information of tens of thousands of individuals.

The US nuclear research lab is one of the 17 national laboratories operating under the US Department of Energy (DOE) and employs 6,100 researchers involved in nuclear research and security solutions.

The incident notification shared with the Office of the Maine Attorney General revealed that the incident which occurred on November 19, was discovered by INL the very next day. It claimed that the breach did not impact its own network or database, rather its off-site Oracle HCM system that ‘’supports certain INL Human Resources applications.”

Data exfiltration of around 45,047 current and former employees (including postdocs, graduate fellows and interns), dependents, and spouses is said to have occurred. Moreover, employees hired by the Idaho Cleanup Project (ICP) between 2005 until mid-2006 may have also been impacted by this breach. Only employees recruited after June 1, 2023 did not suffer any impact.

The stolen data includes sensitive personally identifiable information like names, social security numbers, salary information, and banking details. Some individuals also had their names and dates of birth information stolen. Data like payroll details for employees, former employees, and retirees that was current as of June 1, 2023 was also compromised.

In response to the attack, affected individuals will be notified via letters as well as provided with free comprehensive credit monitoring services. INL has also advised individuals to freeze their credit report and remain vigilant about suspicious financial transactions on their accounts.

The ongoing investigation is said to be conducted in partnership with DOE, the FBI, the CISA, and other national labs.

On November 20, the incident was claimed by the notorious hacktivist’s group SiegedSec, by leaking stolen information on their Telegram channel and a popular leak forum.