The email system breach impacted “less than 1 percent of employee inboxes,” according to a Sept. 7 department alert obtained by Politico. The department’s classified email system was not affected, according to the alert, which was marked “Sensitive But Unclassified.”
“We have determined that certain employees’ personally identifiable information (PII) may have been exposed,” the alert says. “We have notified those employees.”
It didn’t suggest who might be responsible for the breach, but said it is “working with partner agencies to conduct a full assessment.” The department also notes that steps “have been taken” to secure systems and impacted employees will be given three years of free credit monitoring, our sister site ZDNet reports.
The State Department didn’t immediately respond to a request for further comment.
Last week, a bipartisan group of five senatorsto find out why the department isn’t using basic cybersecurity protections.