Nuclear Regulatory Commission (NRC) computers were hacked twice by foreigners and once by an unidentifiable individual in the last three years, according to a recently obtained inspector general report.

The commission, which handles licensing, inspection and enforcement of nuclear requirements, might have had documents and inner-system workings exposed in the attacks, according to Nextgov, who obtained the report via an open-records request.

In one phishing scheme, more than 200 employees received an email asking them to verify their accounts through a provided link. The dozen people who fell for the ploy were then redirected to a Google spreadsheet where they could enter their details. A later investigation pointed to an unnamed foreign culprit.

Another incident involved a spear phishing campaign that linked to malicious software. Similarly in that case, an investigation led to an unnamed foreign attacker.