The US Department of Energy on Monday confirmed it was the target of a cyber attack in January, which stole employee and contractor data, but said no classified data was compromised.
The agency, in a memo to staff released to AFP by a spokeswoman, said the "cyber incident that occurred in mid-January" targeted the agency's network and "resulted in the unauthorized disclosure of employee and contractor personally identifiable information."
The agency, which manages the country's nuclear energy programs, said it had begun a probe with federal law enforcement.
The news comes after revelations of high-profile cyber-attacks targeting US news media including The New York Times and The Wall Street Journal said to be originating from China.
The Energy Department made no comment on the source of the attack.
"Based on the findings of this investigation, no classified data was compromised," the memo said.
It said personal data from "several hundred" employees and contractors may have been affected.
"As individual affected employees are identified, they will be notified and offered assistance on steps they can take to protect themselves from potential identity theft," it added.
"Once the full nature and extent of this incident is known, the Department will implement a full remediation plan... The Department is also leading an aggressive effort to reduce the likelihood of these events occurring again."