Nov 29, 2023
Idaho National Laboratory suffered a data breach on Nov. 20 which compromised sensitive information of its current and former employees. C
Idaho National Laboratory suffered a data breach Nov. 20 that resulted in the exposure of sensitive information on current and former employees at the site.
The information released included Social Security numbers, addresses, phone numbers, bank account numbers and other personal information. Some former INL employees said they are disappointed by what they perceive as a lack of communication or a slow response from the lab.
INL didn’t post a news release about the incident on its website until Wednesday.
The release said the laboratory is working with the U.S. Department of Energy, the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, and other national labs to investigate the breach.
“Impacted individuals will receive a joint notification letter from Experian and INL soon,” the release said.
INL Media Relations Manager Sarah Neumann said the hack occurred outside the laboratory with a federally approved cloud vendor system. This cloud system supports INL’s human resource services.
Neumann said INL is still investigating the breach but is making progress in advising its employees on protecting their information. Lab officials recommend affected parties place a credit freeze on their accounts, monitor financial accounts for suspicious activity, update passwords and use multifactor authentication for their accounts.
Neumann also said INL is working to establish a contract with a no-cost credit monitoring service for the employees affected by the hack.
A former INL employee, who was granted anonymity for this article, spoke to the Post Register about her experience with her information being released.
The woman worked on the lab’s study of electrical systems.
“It’s really scary knowing that it’s affected so many people,” she said. “When I was looking at the list and some of the former employees I know, I saw them there, and they don’t live in eastern Idaho (anymore).”
The woman said she found out about the hack from her mother who’d read a news article about it. She later checked and saw her information on the list.
“Never did I think that it would be me, not even having a full-time job with a company, that would have this result,” she said.
Since the breach, the former employee said she has not received any communication from INL about the breach or steps to mitigate its effects.
“It’s only pretty much word of mouth and what the news has been covering that I can see the status on that,” she said.