The Washington Post

DOE was aware of security issues that exposed employees to hackers

The Department of Energy failed to address suspected cyber-security weaknesses before a July hacking incident that compromised the private information of employees, their dependents and contractors, according to federal auditors.

In a report released Wednesday, Department of Energy Inspector General Gregory Friedman said the breach last summer affected more than 104,000 individuals, providing access to names, Social Security numbers, dates of birth and other information from a human-resources network.

(Kiyoshi Ota - Bloomberg) (Kiyoshi Ota/Bloomberg)

The department has been hacked three times since May 2011, according to auditors. DOE acknowledged two incidents this year alone, telling employees in an August memo that it would offer one year of free credit monitoring for impacted personnel and assistance in protecting them from identity theft.

The inspector general determined that those efforts, along with paid leave allowed for individuals needing to correct issues associated with the breaches, could cost the government up to $3.7 million.

Auditors found that the department did not implement accepted standards for protecting its networks and failed to ensure that its security controls were working effectively in many cases.

The report said the department used complete Social Security numbers contrary to federal guidance, allowed direct Internet access to a highly sensitive system without adequate protections and failed to take action on known network vulnerabilities.

“In spite of a number of early warning signs that certain personnel-related information systems were at risk, the department had not taken action necessary to protect the [information],” Friedman said in a summary.

Confusion about who was in charge of making the fixes, poor communication among responsible officials and pressure to keep systems running to maintain productivity all contributed to the problems, according to the report.

Despite the recent breaches, the department said in August that no classified government information was compromised or targeted. However, hackers could use stolen employee data to access other agency systems, potentially leading to future intrusions.

“Given the unprecedented extent of this security event and loss of [personally identifiable information], prompt and effective corrective actions are essential,” Friedman said.

In its response to the audit findings, the department agreed to implement all of the inspector general’s recommendations. The measures include clarifying who is responsible for the affected systems, developing a central authority to shut down networks known to be vulnerable and removing unnecessary information, including Social Security numbers where possible.

Follow Josh Hicks on TwitterFacebook or Google+. Connect by e-mail at  josh.hicks@washpost.comVisit The Federal Eye, The Fed Page and Post Politics for more federal news. E-mail federalworker@washpost.com with news tips and other suggestions.

Josh Hicks covers Maryland politics and government. He previously anchored the Post’s Federal Eye blog, focusing on federal accountability and workforce issues.

The Freddie Gray case

Please provide a valid email address.

You’re all set!

Campaign 2016 Email Updates

Please provide a valid email address.

You’re all set!

Get Zika news by email

Please provide a valid email address.

You’re all set!
Comments
Show Comments
New Hampshire has voted. The Democrats debate on Thursday. Get caught up on the race.
The Post's Philip Rucker and Robert Costa say...
For Trump, the victory here was sweet vindication, showing that his atypical campaign could prevail largely on the power of celebrity and saturation media coverage. But there was also potential for concern in Tuesday's outcome. Trump faces doubts about his discipline as a candidate and whether he can build his support beyond the levels he has shown in the polls.
The Post's John Wagner and Anne Gearan say...
Hillary Clinton, who was declared the winner of the Iowa caucuses last week by the narrowest of margins, now finds herself struggling to right her once-formidable campaign against a self-described democratic socialist whom she has accused of selling pipe dreams to his supporters.
Quoted
People have every right to be angry. But they're also hungry for solutions.
Hillary Clinton, in her New Hampshire primary night speech
Quoted
I am going to be the greatest jobs president that God ever created.
Donald Trump, in his New Hampshire primary victory speech
Upcoming debates
Feb. 11: Democratic debate

on PBS, in Wisconsin

Feb 13: GOP debate

on CBS News, in South Carolina

Feb. 25: GOP debate

on CNN, in Houston, Texas

Campaign 2016
See results from N.H.
Most Read

politics

federal-eye

Success! Check your inbox for details.

See all newsletters

Close video player
Now Playing

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.