06 Feb 2013
The Energy Department of the United States suffered a serious data breach in mid-January that allegedly exposed sensitive information about staff and external contractors. Although the department did not announce the breach, the information surfaced in an internal letter to affected employees.
According to the report, the attackers only managed to seize control of employee and contractor Personally Identifiable Information, data that is labeled as confidential but not classified. However, the personal information leaked as a result of the attack may have nefarious consequences in the near future. Many times, leaked details about employees are used in spear phishing attacks, as they give credibility to requests from third parties.
This incident is another warning sign on the precarious security mechanisms used by government agencies and corporations to safeguard access to sensitive information.