Personal information of thousands of Idaho National Laboratory employees leaked online

The Idaho National Laboratory (INL), one of the leading laboratories in the US for nuclear energy, has suffered a data breach involving the personal information of thousands of employees.

A threat group took responsibility for the breach this Sunday, after releasing a sample of stolen data online. The INL said the security incident affected its HR application servers.

“Earlier this morning, Idaho National Laboratory determined that it was the target of a cybersecurity data breach, affecting the servers supporting its Oracle HCM system, which supports its Human Resources applications,” INL spokesperson Lori McNamara told the press. “INL has taken immediate action to protect employee data.”

The hacking group had no trouble announcing the feat via Telegram and social media platform X, where they boasted about stealing “hundreds of thousands of user, employee and citizen data” in the breach.

INL says it’s working closely with federal law enforcement and the Department of Homeland Security to investigate the extent of the incident, and that they are still in the process of gathering information so they can notify all impacted individuals.

Local news outlets investigating the claim of the threat group have looked at some of the leaked sample files. The data included names, dates of birth, email addresses, phone numbers, SSNs and other employment information.

Researchers at CyberScoop say the files they analyzed weren’t related just to current employees.

“A sample of the leaked information viewed by CyberScoop includes social security numbers, health care information, bank account and routing numbers, types of accounts, and marital status, among other things,” CyberScoop explained.

“One file includes a detailed list of recent terminations and a brief reason for the termination. One file containing over 58,000 lines of data spanned current, retired and former employee data.”

The breach prompts severe security concerns, for both individuals and critical US infrastructure. Armed with the details of INL’s employees, cybercriminals could attempt to penetrate the lab’s defenses to steal highly sensitive data and create other national security concerns, among obvious immediate fraud and social engineering attacks against workers.

Billions of records are stolen and compromised every year. On top of giving malicious groups fuel to further damage companies, governments and organizations, regular individuals are always caught in the crossfire.

It’s time to take a stand and be proactive about your online identity to protect against identity theft crimes, account take over attacks or reputation loss.

With Bitdefender Digital Identity Protection, there’s no more losing track of your digital identity and online exposure to data breaches and leaks. Our identity protection tool acts as your safety net whenever key and sensitive elements of your digital footprint are unwittingly exposed online.