The U.S. Department of Energy (DOE) recently announced that a breach in late July of 2013, which had previously been described as affecting approximately 14,000 current and former employees, is now thought to have exposed a total of 53,000 current and former employees’ names, Social Security numbers and birthdates (h/t InformationWeek).
According to InformationWeek, the breach involved an outdated, publicly accessible ColdFusion system called DOEInfo.
A statement on the DOE’s Web site reads, “Based on the findings of the Department’s ongoing investigation into this incident, we do believe PII theft may have been the primary purpose of the attack. Accordingly, the Department encourages each affected individual to be extra vigilant and to carefully monitor bank statements, credit card statements, emails and phone calls relating to recent financial transactions.”
The DOE says all those affected should receive a notification letter by September 15, 2013, and will be offered one year of free credit monitoring services.
Still, the statement makes it sound like the investigation is far from complete. “The Department’s Cybersecurity office, the Office of Health, Safety and Security and the Inspector General’s office are working with other federal law enforcement to investigate this incident,” it reads. “Once the full nature and extent of this incident is known, the Department will implement a full remediation plan.”