In the memo, the department said it was working with its internal cybersecurity office; the Office of Health, Safety and Security; and the Office of Inspector General and other federal law enforcement officials to determine the source of the incident.
Read below for the full DOE memo:
The Department of Energy has confirmed a recent cyber incident that occurred at the end of July and resulted in the unauthorized disclosure of federal employee Personally Identifiable Information (PII).
The Department is strongly committed to protecting the integrity of each employee’s PII and takes any cyber incident very seriously. The Department's Cybersecurity office, the Office of Health, Safety and Security and the Inspector General's office are working with other federal law enforcement to obtain information concerning the nature of the incident. No classified data was targeted or compromised. Once the full nature and extent of this incident is known, the Department will implement a full remediation plan.
We believe about 14,000 past and current DOE employees’ PII may have been affected. Individual notifications to affected current employees will begin no later than this Friday, August 16, and will be completed by August 30. While a significant number of employees whose information may have been affected may no longer be employed by the Department, it will be necessary to obtain current contact information in order to notify these personnel. The individual notification process for former employees will begin this week.
Current and former employees receiving an individual notification will be provided with additional information and offered assistance on protecting themselves from potential identity theft. The Department will offer affected personnel free credit monitoring for one year as well as provide recommendations and best practices for minimizing the potential for identity theft.
If you have any further questions, you may send an encrypted email to firstname.lastname@example.org. For further valuable information regarding protecting yourself from identity theft, and resolving identity theft if it should occur, see these websites: