By Josh Hicks
The Department of Energy failed to address suspected cyber-security weaknesses before a July hacking incident that compromised the private information of employees, their dependents and contractors, according to federal auditors.
In a report released Wednesday, Department of Energy Inspector General Gregory Friedman said the breach last summer affected more than 104,000 individuals, providing access to names, Social Security numbers, dates of birth and other information from a human-resources network.
The department has been hacked three times since May 2011, according to auditors. DOE acknowledged two incidents this year alone, telling employees in an August memo that it would offer one year of free credit monitoring for impacted personnel and assistance in protecting them from identity theft.
The inspector general determined that those efforts, along with paid leave allowed for individuals needing to correct issues associated with the breaches, could cost the government up to $3.7 million.
Auditors found that the department did not implement accepted standards for protecting its networks and failed to ensure that its security controls were working effectively in many cases.