[ RadSafe ] DOE computers hacked; Info on 1,500 taken

[Susan Gawarecki]

DOE computers hacked; Info on 1,500 taken
By H. Josef Hebert, Associated Press Writer  |  June 9, 2006

WASHINGTON --A hacker stole a file containing the names and Social 
Security numbers of 1,500 people working for the Energy Department's 
nuclear weapons agency.  But in the incident last September, somewhat 
similar to recent problems at the Veterans Affairs Department, senior 
department officials were told only two days ago, officials told a 
congressional hearing Friday. None of the victims was notified, they 
said.  The data theft occurred in a computer system at a service center 
belonging to the National Nuclear Security Administration in 
Albuquerque, N.M. The file contained information about contract workers 
throughout the agency's nuclear weapons complex, a department spokesman 
said.

NNSA Administrator Linton Brooks told a House hearing that he learned of 
the security break late last September, but did not inform Energy 
Secretary Samuel Bodman about it. It had occurred earlier that month.  
Bodman first learned of the theft two days ago, according to his 
spokesman.  "He's deeply disturbed by the way this was handled," said 
Craig Stevens, a spokesman for Bodman.

Rep. Joe Barton, R-Texas, chairman of the Energy and Commerce Committee, 
called for Brooks' resignation because of his failure to inform Bodman 
and other senior DOE officials of the security failure.  The House 
Energy and Commerce oversight and investigations subcommittee learned of 
the security lapse Thursday evening on the eve of its hearing on DOE 
cyber security, said Rep. Ed Whitfield, R-Ky., chairman of the panel.  
The issue dominated lawmakers questioning of DOE officials at the 
hearing. After an open session, the subcommittee continued questioning 
Brooks and other officials about it at a closed session because of the 
security implications.

Although the compromised data file was in the NNSA's unclassified 
computer system -- and not part of a more secure classified network that 
contains nuclear weapons data -- the DOE officials would provide only 
scant information about the incident during the public hearing.  Brooks 
said the file contained names, Social Security numbers, date-of-birth 
information, a code where the employees worked and codes showing their 
security clearances. A majority of the individuals worked for 
contractors and the list was compiled as part of their security 
clearance processing, he said.

Tom Pyke, DOE's official charged with cyber security, said that he 
learned of the incident only a few days ago. He said the hacker, who 
obtained the data file, penetrated a number of security safeguards in 
obtaining access to the system.  Stevens said that Bodman, upon learning 
of the incident, directed that the individuals be immediately told their 
information had been compromised.  Brooks acknowledged that no attempt 
was made to notify the individuals until now. He declined to elaborate 
because of security concerns, but indicated he could tell the lawmakers 
more in the closed session.

"If somebody got that information from your file, wouldn't you be a 
little concerned if nobody told you?" Rep. Diane DeGette, D-Colo., asked 
Brooks.  "Of course I would," he replied.