The US Department of Energy has confirmed that it was the target of a cyber attack in January, which stole employee and contractor data, but said no classified data was compromised.
The agency, in a memo to staff released by a spokeswoman, said the "cyber incident that occurred in mid-January" targeted the agency's network and "resulted in the unauthorised disclosure of employee and contractor personally identifiable information".
The agency, which manages the country's nuclear energy programs, said that its cybersecurity team had begun an investigation in conjunction with the Office of Health, Safety, and Security; the Inspector General's office; and federal law enforcement.
The Energy Department made no comment on the source of the attack.
"Based on the findings of this investigation, no classified data was compromised," the memo said.
However, it said that personal data from "several hundred" employees and contractors may have been affected.
"As individual affected employees are identified, they will be notified and offered assistance on steps they can take to protect themselves from potential identity theft," it added.
"Once the full nature and extent of this incident is known, the department will implement a full remediation plan ... The department is also leading an aggressive effort to reduce the likelihood of these events occurring again."