Department to Extend Credit Monitoring Service for Another Year

Mike Nartker
WC Monitor
7/25/2014

Approximately a year after a significant cyber security breach at the Department of Energy put the personal information of thousands of people at risk, there have been no signs of misuse of data, according to the Department. The breach, which occurred last July, led to the personal information of more than 100,000 current and former federal employees, contractor workers and dependents being compromised. A subsequent investigation found that hackers were able to exploit software vulnerabilities to gain access to DOE’s Management Information System (MIS) and last fall, British law enforcement arrested a 28-year-old believed to be behind the DOE incident, as well as cyber security breaches at other government agencies. “We are pleased that a few months after the attack, federal law enforcement charged an individual with conspiracy to access and damage the protected computer networks at multiple U.S. government agencies, which included the intrusion at the Department of Energy.  We are also pleased to let you know that we have no confirmed reports of misuse of the personal information taken from DOE,” the Department’s Chief of Staff, Kevin Knobloch, said in a message to employees DOE provided to WC Monitor late this week.

An investigation by the DOE Inspector General’s Office put the cost of the cyber security breach at approximately $3.7 million. Among the actions DOE took in the wake of the incident was to provide one year of credit monitoring services to those who may have been impacted. DOE has decided to extend those services for another year, according to Knobloch. “DOE’s overriding concern related to the 2013 incident is for the security and integrity of your personal information, including any impact of this incident on your financial and credit history,” Knobloch said in his message to employees. “Although the common practice in government and industry is to provide one year of credit monitoring following an incident such as this, DOE wants to exercise an abundance of caution and extend your credit monitoring by an additional year. You will not need to do anything to take advantage of this additional year of free credit monitoring.”

Senate Appropriators Concerned Over Cyber Security Management

Despite DOE’s efforts to improve cyber security, Senate appropriations appear to continue to have concerns over the Department’s management, according to the report accompanying the Senate Fiscal Year 2015 Energy and Water Appropriations bill. “The Committee is encouraged by the Department’s decision to establish a Cyber Council in 2013 to coordinate cyber-related activities across the Department. However, the Committee is concerned by a lack of transparency in funding cyber security activities and the lack of a single senior official responsible for managing those funds based on strategic priorities,” says the report, released late this week. The report notes, “Currently, cybersecurity activities for energy, science and environmental management are funded in 11 different accounts.” Under the Senate bill, which has only been reported out of subcommittee, DOE would be directed to consolidate cyber security funding for energy, science and environmental management missions under the Chief Information Officer beginning in FY 2016.