The U.S. State Department is said to have been hit by a serious cyberattack that was reported to the Department of Defense Cyber Command, according to Fox Business.

The details of the type of attack, exactly when it happened and what data may have been stolen were not revealed. Fox News reporter Jacqui Heinrich said on Twitter Aug. 21 that she believed that the breach happened a “couple of weeks ago” and that the stolen data did not affect operations to evacuate Americans and Afghan allies from Afghanistan.

The State Department has neither denied nor confirmed the report. “The Department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected,” a spokesperson said. “For security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time.”

Reuters reported separately that a knowledgeable source had told it that the department has not experienced significant disruptions and has not had its operations impeded in any way. That does not rule out that a cyberattack of some sort has taken place.

The news comes weeks after a bipartisan report from the U.S. Senate Homeland Security and Governmental Affairs Committee found that federal agencies continue to suffer shortcomings in their cybersecurity posture. Notably, the State Department could not provide documentation for 60% of sample employees who had access to the agency’s classified network. Further, the department was found to leave thousands of accounts active after employees have left the agency.

“The recent cyberattack against the U.S. State Department is a reminder that anyone can and will be hit,” Sam Curry, chief security officer at cybersecurity firm Cybereason Inc., told SiliconANGLE. “Overall, the State Department’s networks are big and they are presumably getting attacked by nation-states, terrorists, and other adversaries on a daily basis.”

But he added that without more data on the recent attack, it would be premature to make assumptions on the motives or groups involved. “While the State Department isn’t likely to disclose any further details of this attack, public and private sector security teams, as well as U.S. allies, should be on high alert,” he said.

Image: State Department