I am not having any luck confirming this story, AFAIK this link is original story & everyone else is quoting them (with or without citation): http://freebeacon.com/cyber-breach/
From the Free Beacon link:
The cyber attack was confirmed Friday by DOE security officials and is still under investigation. Officials are working to determine the exact nature of the attack and the extent of potential damage.
The personal data compromised involves information related to several hundred people, the officials said.
A total of 14 computer servers and 20 workstations at the headquarters were penetrated during the attack.
The department is currently in the process of notifying the employees and contractors whose information was stolen.
The department is planning steps to plug security holes in its network that were revealed by the attack, the officials said.
If the reported details are accurate, doesn't sound like they were using best practices, PII information should have been stored encrypted.
If I were a betting man, I would bet they were compromised via a Phishing attack, but I would like to see some more details about this incident.
Would like to see independent confirmation of this story to start with, because for real news it is kinda like real backup of data, you really should have 3 sources that are independent of each other.