The database at Oak Ridge National Laboratory may have been compromised by an unauthorized breakthrough in the Lab’s system. According to an official statement, “thieves made approximately 1,100 attempts to steal data with a very sophisticated strategy that involved sending staff a total of seven 'phishing' e-mails, all of which at first glance appeared legitimate.”

Thom Mason, the ORNL director considers this as a “coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country.” Our review to date has shown that while every security system at ORNL was in place and in compliance, the hackers potentially succeeded in gaining access to one of the laboratory's non-classified databases that contained personal information of visitors to the laboratory between 1990 and 2004.”

Even though Lab’s spokesman Bill Stair clearly stated that “there was no classified data of any kind compromised. There are people who think that because they accessed this database that they had access to the lab's supercomputer. That is not the case. There was no access at all,” officials have sent approximately 12,000 letters to the potential victims, which include university staff, scientists, industry representatives and others.

“Because of the sensitive nature of this event, the laboratory will be unable for some period to discuss further details until we better understand the full nature of this attack,” Mason said in a statement. “Our cyber security staff has been working nights and weekends to understand the nature of this attack. Reconstructing this event is a very tedious and time-consuming effort that likely will take weeks, if not longer, to complete.”

Every year scientists work at improving the security systems that help protect the databases, and every year the hackers manage to pass these security systems, making this a permanent challenge.