The Department of Energy’s Waste Isolation Pilot Plant in New Mexico was among numerous federal entities that suffered a data breach Thursday as part of an international cyber hack involving the “”MOVEit” software.
“Upon learning that records from two DOE entities were compromised in the global cyberattack on the file-sharing software MOVEit Transfer, DOE took immediate steps to prevent further exposure to the vulnerability and notified the Cybersecurity and Infrastructure Security Agency (CISA),” according to a DOE spokesperson. That agency is part of the Department of Homeland Security.
A source with knowledge of the situation confirmed a report from the Federal News Network that the other DOE entity was a contractor at the Oak Ridge Site in Tennessee, Oak Ridge Associated Universities. While it is likely some personal data was swept up in the attack, it is not believed the hackers got inside the system, the source said.
While the Waste Isolation Pilot Plant (WIPP) website was down early Thursday afternoon, the outage was caused by problems with a fiber optic cable, rather than the cyberattack, the source said. The WIPP website was back up Friday morning.
DOE “takes cybersecurity and the responsibility to protect its data very seriously” and is continuing to monitor the situation, the agency spokesperson said.
DOE was one of numerous federal agencies to be affected by the “global” cyberattack, the Cable News Network reported. CNN said it is unclear if the attack was the work of a Russian-speaking ransomware group.