The Department of Energy says the number of its employees at risk of identity theft after a cyber attack in July is nearly four times what the department had originally thought.
Energy first reported 14,000 current and former employees had their names, social security numbers, dates of birth and other personal information stolen. DoE now confirms that number rose to 53,000.
An email from DoE Deputy Chief of Staff Jonathan Levy says the affected individuals include current and former employees, dependents and contractors.
“At this time, the department is limited in what it can communicate due to the ongoing investigation,” Levy said in the email. “Notifications are being made to all affected individuals.”
Energy will offer one year of free credit monitoring services from Experian to the affected current and former employees.
“I want to assure you that the department takes this incident very seriously and is implementing improvements to prevent future incidents,” Levy said in the email. “The department sincerely regrets this incident and the inconvenience it has caused the affected individuals.”
The attack in late July was the second cyber attack on DoE this year.
DoE reported in February that a cyber attack disclosed employees’ personally identifiable information (PII), but it did not specify details on how many employees or which parts were affected.