In yet another example showing that clueless consumers aren’t the only ones who fall victim to computer scams, the Oak Ridge National Laboratory yesterday disclosed that phishing attacks may have provided cybercrooks with access to personal data on people who visited the lab between 1990 and 2004.In an e-mail sent to staffers this week, Thom Mason, director of the government research facility, reported that the lab has been the target of what he described as a sophisticated cyberattack by hackers seeking to gain access to computer networks at numerous research facilities and other government institutions across the country.According to the note, the unknown hackers gained access to a nonclassified laboratory database, which contained personal information on people who have visited the facility in Oak Ridge, Tenn., over a 14-year period starting in 1990.Mason said the hackers made about 1,100 attempts to steal data by sending an unknown number of staffers a total of seven phishing e-mails. It was not immediately clear from the letter if that meant a total of 1,100 such e-mails were sent or if 1,100 separate attempts were made to send such messages to the organization. According to Mason’s e-mail, the phishing e-mails appeared legitimate and attempted to persuade recipients to open attachments or links. One of the bogus e-mails, for instance, purported to notify individuals of a scientific conference. Another pretended to notify the recipients of Federal Trade Commission complaint, he noted.“At present, we believe that about 11 staffers opened the attachments, which enabled the hackers to infiltrate the system and remove data,” Mason’s note stated. “Reconstructing this event is a very tedious and time-consuming effort that likely will take weeks, if not longer, to complete,” he added. Meanwhile, he said, the lab is attempting to notify all the potential victims, whose Social Security numbers, names and dates of birth may have been pilfered.The Oak Ridge incident is the second recent widely publicized phishing attack on a large organization. Earlier this year, grocery chain Supervalu Inc. was nearly scammed out of US$10 million by phishers.In that incident, the company received e-mails that falsely claimed to be from two of its approved suppliers — American Greetings Corp. and PepsiCo Inc.’s Frito-Lay Inc. unit. The e-mails instructed Supervalu to send future payments to both suppliers to new bank accounts, one in Florida and the other in Arkansas.The company sent over $10 million to these fake accounts before realizing that it had been conned.By Jaikumar Vijayan, Computerworld (US online) Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe