The Federal Energy Regulatory Commission confirmed employee email accounts were breached as part of a massive state-sponsored hacking campaign based in Iran.
In a March 23 announcement of charges against nine Iranians, the U.S. Department of Justice said the hackers had hit FERC, the U.S. Department of Labor, states, universities, companies and other organizations. FERC spokeswoman Tamara Young-Allen said "a small number of e-mail accounts were inappropriately accessed" at the commission.
"The commission has taken and will continue to develop corrective action to ensure that appropriate controls are operating effectively," Young-Allen said March 23. The commission is cooperating with federal authorities.
According to the Justice Department statement, the hackers stole research data from universities and from email accounts of employees in government agencies, private companies and nongovernmental organizations from about 2013 until December 2017.
U.S. Deputy Attorney General Rosenstein and other Justice Department officials called the theft one of the largest state-sponsored hacking efforts the department has prosecuted. The department said the hackers were linked to the Mabna Institute based in Iran. They worked on behalf of the Islamic Revolutionary Guard Corps, a branch of the country's armed forces. The announcement of the hacking campaign came after President Donald Trump said in January that he would not waive sanctions on Iran under a 2015 nuclear agreement unless major changes were made to the deal.
A federal grand jury in the Southern District of New York delivered the indictments, which included charges of conspiracy to commit computer intrusions, wire fraud and identity theft.