You are here

July 2013 Cyber Incident

The Department of Energy (DOE) has confirmed a cyber incident that occurred at the end of July and resulted in the unauthorized disclosure of federal employee Personally Identifiable Information (PII).

1. How did the disclosure of personally identifiable information happen?

Department of Energy networks and employee information hosted on these networks are protected in accordance with federal laws and Department of Energy policies. We are working with interagency partners on actions that can be taken against those responsible and to reduce the likelihood of another successful attack.

2. Who may be affected?

As part of the ongoing investigation, the Department is determining which individuals Personally Identifiable Information (PII) was affected. The Department has now identified approximately 104,179 past and current federal employees, including dependents and contractors, whose name, Social Security number, and date of birth were compromised by this cyber incident.

The Department is notifying all affected individuals and offering assistance on steps they can take to protect themselves against potential fraud or identity theft. Affected individuals will be offered one year of free credit monitoring services.

After receiving a notification, affected individuals can enroll in the offered credit monitoring service, using the activation code found in your notification, by going to the following URL http://www.protectmyid.com/enroll, or calling 877-441-6943.

3. How can I tell if my information was compromised?

If you do not receive a notification letter by October 15, 2013, you should assume it is unlikely your PII was affected. If DOE later determines your PII was affected you will be notified, regardless of the date of discovery.  For further inquiries you may also call the PII Incident Call Center by telephone on 1-855-719-4496.

Based on the findings of the Department’s ongoing investigation into this incident, we do believe PII theft may have been the primary purpose of the attack. Accordingly, the Department encourages each affected individual to be extra vigilant and to carefully monitor bank statements, credit card statements, emails and phone calls relating to recent financial transactions. More information on preventing, detecting and recovering from identity theft is available here: http://www.consumer.gov/section/scams-and-identity-theft.

4. I haven’t noticed any suspicious activity in my financial statements, but what can I do to protect myself from being victimized by credit card fraud or identity theft?

The Department recommends that individuals closely monitor their financial statements and visit the Federal Trade Commission’s (FTC’s) Consumer Information web page at http://www.consumer.ftc.gov/topics/privacy-identity for further information on protecting your privacy and identity.

5. Where should I report suspicious or unusual activity?

The Federal Trade Commission (FTC) recommends the following steps if you detect suspicious activity:

  • Contact the fraud department of one of the three major credit bureaus:

              Equifax: 1-800-525-6285; www.equifax.com;
              P.O. Box 740241, Atlanta, GA 30374-0241

              Experian: 1-888-397-3742; www.experian.com;
              P.O. Box 9532, Allen, TX 75013

              TransUnion: 1-800-680-7289; www.transunion.com;
              Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

  • Close any accounts that have been tampered with or opened fraudulently.
  • File a police report with your local police or the police in the community where the identity theft took place.
  • File a complaint with FTC’s Identity Theft Hotline at 1-877-438-4338, www.ftc.gov/idtheft, or by mail at Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.

6. What should I do if I received a notification and I confirm my identity has been stolen?

  • File a police report with your local police or the police in the community where the identity theft took place.
  • File a complaint with using FTC’s Identity Theft Hotline at 1-877-438-4338, www.consumer.gov/idtheft, or by mail at Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
  • You may also notify the Department of Energy Privacy Office within the Office of the Chief Information Officer (OCIO) at privacy@hq.doe.gov. This should not be done in place of contacting your local police and the Federal Trade Commission.

7. How is the Department of Energy responding to this attack?

The Department’s Cybersecurity office, the Office of Health, Safety and Security and the Inspector General’s office are working with other federal law enforcement to investigate this incident. Once the full nature and extent of this incident is known, the Department will implement a full remediation plan.

8. If I enroll in the Experian Credit Monitoring service, will my PII be secure?

Experian is one of three major credit reporting services for individuals and businesses, and as such, follows certain legal obligations requiring the protection of the data it receives, including data provided by subscribers of its various services. Accordingly, Experian has stated that it does not resell or market any subscriber information that violates an individual’s privacy rights, inclusive of PII.  For additional information pertaining to Experian’s services and privacy policies, please visit their web site at www.experian.com.