US nuclear lab confirms data breach


The Idaho National Laboratory, a major US security lab, had its personnel system breached, with attackers leaking detailed data on thousands of the lab’s employees. INL confirmed it suffered a cyberattack.

Politically motivated threat actors SiegedSec claim to have breached the Idaho National Laboratory (INL), a US-based research facility instrumental in US nuclear energy research for decades.

The attackers claim to have accessed a trove of sensitive data on INL’s employees, including names, dates of birth, email addresses, phone numbers, Social Security numbers (SSNs), home addresses, employment details, and other information.

Attacker's post announcing the leak. Image by Cybernews.

The Cybernews research team has confirmed that the leaked dataset contains sensitive data, and the dataset appears to be legitimate.

INL confirmed the breach to Cybernews, saying the attack affected the Oracle Cloud Human Capital Management (HCM) system.

“On Monday, Nov. 20, Idaho National Laboratory determined that it was the target of a cybersecurity data breach, affecting the servers supporting its Oracle HCM system, which supports its Human Resources applications. INL has taken immediate action to protect employee data,” an INL spokesperson said via email.

The laboratory added that it reached out to law enforcement agencies, such as the FBI, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

The attacker’s post on their Telegram channel alleges that all INL employees were sent an announcement of an infantile nature via the lab’s Oracle platform. Companies use the platform to manage, analyze, and report data and to manage human resources.

INL has been researching nuclear power since the 1940s and has been one of the critical laboratories to test the impact and use of nuclear reactors. INL also studies energy applications for vehicles and spacecraft. The laboratory employs over 5,300 staff.

Who is SiegedSec?

SiegedSec’s attacks appear to be politically motivated, as the attackers boast on their Telegram channel of participating in a coordinated operation against Israel. Cybernews has reported the attackers targeting Israeli airline Israir.

Earlier this year, the same attacker group targeted NATO, allegedly stealing information from the Alliance’s Communities of Interest (COI) Cooperation Portal, used to share unclassified information between departments and the 31 nation-states that make up the military alliance.

The SiegedSec hacktivist group emerged around the time of the Russian invasion of Ukraine last February. At first, the group’s victims appeared to be random, with cybersecurity analyst SocRadar claiming that SiegedSec “shows no preference for the industries or locations of its victims.”

However, after the escalation of hostilities in Israel following the Hamas October 7th attacks, SiegedSec joined the so-called “Operation Israel,” a coordinated hacker effort to target the country’s vital systems.

SiegedSec has collaborated with the Russia-linked Anonymous Sudan group and has openly shared that it targets critical infrastructure in Israel, such as telecommunications and industrial control systems.

Updated on November 21 [02:00 PM GMT] with a statement from the INL.