A contractor at a US national lab and a radioactive waste storage site managed by the Department of Energy were among the victims of wide-ranging cyberattack that saw several federal agencies hacked, according to a person familiar with the matter.
A department spokesperson confirmed Thursday that records from two of the agency’s “entities were compromised,” though further details on the extent of the breach couldn’t immediately be determined. Multiple US agencies were compromised by a hacking campaign in which attackers exploited flaws in a popular software tool to gather information from a range of victims.
“DOE took immediate steps to prevent further exposure to the vulnerability and notified the Cybersecurity and Infrastructure Security Agency,” an agency spokesperson said. “The department has notified Congress and is working with law enforcement, CISA, and the affected entities to investigate the incident and mitigate impacts from the breach.”
A contractor for the department’s Office of Science and national laboratories, including Tennessee’s Oak Ridge National Laboratory that produces uranium for nuclear bombs and conducts nuclear energy research, was among the victims. The Oak Ridge Institute for Science and Education is overseen by the Oak Ridge National Laboratory Site Office, but spokesperson Pam Bonnee said the breached materials had nothing to do with the national lab.
The Energy Department’s Waste Isolation Pilot Plant in Carlsbad, New Mexico, which stores nuclear waste from the country’s weapons thousands of feet underground, was also affected by the attack. As of Thursday afternoon, the facility’s website was offline. A spokesperson at the facility declined to comment.