Idaho National Laboratory (INL), renowned for its pioneering work in cybersecurity, nuclear energy, and clean energy research since the 1940s, has been the recent target of a significant data breach affecting its employee records.
The laboratory, historically credited with generating the first usable nuclear power electricity and developing nuclear propulsion systems for submarines and aircraft carriers, has in recent times claimed leadership in safeguarding critical infrastructure systems, especially industrial control systems.
However, reports surfaced locally suggesting a breach in the facility’s HR systems on a recent Sunday night, impacting its Oracle HCM system supporting human resources applications, as confirmed by INL spokesperson Lori McNamara in a statement to EastIdahoNews.com.
Immediate measures were taken by INL to safeguard employee data, with the laboratory engaging federal law enforcement agencies such as the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to conduct a thorough investigation into the scope of the breached data.
While an unnamed hacktivist group has asserted responsibility for the breach on social media, claiming access to “hundreds of thousands” of data points from INL, including dates of birth, email addresses, phone numbers, Social Security numbers, physical addresses, and employment information.
The significance of INL within the US Department of Energy’s network of national labs cannot be understated, housing over 6000 researchers and support staff.
John Gunn, the CEO of Token, emphasized the prevalence of data breaches resulting from successful phishing attacks, often attributing them to legacy multi-factor authentication systems. He cautioned about the escalating threat posed by cyber-criminals leveraging AI, foreseeing a worsening scenario if preventive measures aren’t enhanced across industries.
