Days after suspected Russian hackers breached multiple U.S. government agencies, the list of victims keeps growing. The Department of Energy and its National Nuclear Security Administration, as well as at least three states, realized on Thursday that they’d been hacked. Information about the U.S.’s nuclear program could be disastrous if it reached the wrong hands—but the Department of Energy said in a statement that preliminary investigations found that the malware was isolated to “business networks only and has not impacted the mission essential national security functions of the Department, including the [NNSA].”

The details of the huge hacking effort have been streaming out in recent days. The hackers gained access to agencies through SolarWinds, a company that sells IT products to the federal government. The Department of Homeland Security, the Department of State, and the National Institutes of Health were among those hacked. SolarWinds’ stock price has plummeted as a result. “This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,” the FBI and other top security agencies said in a joint statement.