(CBS/AP) The Oak Ridge National Laboratory revealed on Thursday that a "sophisticated cyber attack" over the last few weeks may have allowed personal information about thousands of lab visitors to be stolen.

The assault appeared "to be part of a coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country," lab director Thom Mason said in a memo to the 4,200 employees at the Department of Energy facility.

Oak Ridge officials would not identify the other institutions affected by the breach. But they said hackers may have infiltrated a database of names, Social Security numbers and birth dates of every lab visitor between 1990 and 2004.

"There was no classified data of any kind compromised," lab spokesman Bill Stair said Thursday. "There are people who think that because they accessed this database that they had access to the lab's supercomputer. That is not the case. There was no access at all."

Officials at Pacific Northwest National Laboratory in Richland, Wash., discovered on Thursday that one desktop computer had potentially been compromised. However, the computer contained no sensitive information, and security officials immediately isolated it from other computers while they analyze it, spokeswoman Judith Graybeal said.

Security officials couldn't yet say if the attack was related to the Oak Ridge attack, she said.

The Oak Ridge lab currently has the second-fastest supercomputer in the world, an open-research, 101.7-teraflop Cray XT3/XT4 known as "Jaguar," and has plans to build another.

According to its Web site, "ORNL has six major mission roles: neutron science, energy, high-performance computing, systems biology, materials science at the nanoscale, and national security." It was established in 1943 as part of the Manhattan Project that developed the first atomic bombs, but says its mission is now "very different."

About 3,000 researchers annually visit the facility, a major DOE energy research and high-performance computing center, about 25 miles west of Knoxville.

Officials have sent letters to about 12,000 potential victims. Mason said so far there was "no evidence that the stolen information has been used."

The assault was in the form of phony e-mails containing attachments, which when opened allowed hackers to penetrate the lab's computer security. The practice is called "phishing."

The first fake e-mail arrived Oct. 29. At least six more waves followed.

"At first glance, they appeared legitimate," Mason wrote. One notified employees of a scientific conference. Another pretended to notify the employee of a complaint on behalf of the Federal Trade Commission.

Each one instructed recipients to open an attachment for further information. And when they did, it "enabled the hackers to infiltrate the system and remove data," Mason wrote.

The lab's cyber police determined about 1,100 phony e-mail messages entered the lab's network. In 11 cases, an employee took the bait and opened the attachments.

"Our cyber security staff has been working nights and weekends to understand the nature of this attack," Mason wrote. "Reconstructing this event is a very tedious and time-consuming effort that likely will take weeks, if not longer, to complete."

Meanwhile, the lab will post updates on its Web site.

"Every year we build bigger and more sophisticated fences around our databases and every year our enemies find new and more sophisticated ways to tunnel under the fence," Stair said. "This is an ongoing challenge that is going to be there as far as we can see in the future."

© MMVII, CBS Interactive Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.

Back To Top