“Initial indications are that this disclosure was not the result of a cyber-intrusion and no classified data was compromised,” the U.S. Department of Energy said in a statement.
The matter has been referred to the department’s Office of Inspector General, and affected workers are being advised of the situation.
Those workers are urged “to be vigilant in monitoring financial transactions and emails or phone calls relating to such personal transactions” and to use a special e-mail account to ask further questions.
In a memo to employees, DOE-Savannah River Site Manager David C. Moody III said the matter is being taken very seriously and will be fully investigated at the local and national levels.
“Environmental Management is working to promptly gather detailed information on the nature and scope of the incident and assess the potential impacts to DOE staff and contractors,” the memo said.
The department is also evaluating additional security technologies to prevent similar breaches in the future.
Those initiatives include “working with public and private sector partners to further harden our networks; conducting deep network scans to ensure that no malware was installed; and reviewing cost-effective, technical solutions that enable stronger data protection.”
The unauthorized disclosure of the personal data was identified by the site’s Cyber Security Team.
Savannah River Site has a long history of making nuclear weapons materials. Today, much of its activity involves environmental management programs to clean up nuclear waste.
Also at SRS are the Savannah River National Laboratory, which conducts a host of research projects; and National Nuclear Security Administration facilities that supply and process tritium gas used in nuclear warheads.