"Personal Information of 45,000 Individuals Stolen in Idaho National Laboratory Data Breach"
Idaho National Laboratory (INL) has recently started notifying 45,000 individuals that their personal information was stolen in a data breach last month. The incident was identified on November 20 and impacted the Oracle Human Capital Management (HCM) software that INL uses for certain human resources applications. INL noted that no INL systems nor other "networks or databases used by employees, lab customers or other contractors" were compromised as part of the attack. The laboratory stated that information was stolen from many current and previous employees of Battelle Energy Alliance (BEA), the contractor that manages Idaho National Laboratory (INL), and some Idaho Cleanup Project (ICP) employees. Employees, including retirees, postdocs, graduate fellows, and interns, as well as dependents and spouses, were affected by the incident. INL noted that as part of the attack, personal information such as names, dates of birth, Social Security numbers, salary information, and banking details was exfiltrated. Other sensitive personal information was compromised as well. The compromised information also contained payroll data for employees, former employees, and retirees that was current as of June 1, 2023.