The United States National Aeronautics and Space Administration (NASA) has confirmed a data breach that potentially compromised the personal information of its employees, both current and former, after discovering the possible compromise of NASA servers.
NASA confirmed the hack in an internal memo sent to all employees on Tuesday regardless of whether or not their information may have been affected. NASA explained that those NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centres from July 2006 to October 2018, may have been affected.
On 23 October NASA discovered the possible compromise of its servers where personal information was stored. NASA determined that social security numbers and other employees’ personally identifiable information may have been compromised.
After the discovery, NASA took action to secure its servers and data within. NASA is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency.
The scope of the breach is still unknown, and investigations are ongoing to determine the extent of the breach and to identify those individuals affected, but NASA said that this will take time.
NASA does not believe that any Agency missions were threatened by the incident.
This breach follows two prior similar incidents in 2011 and 2016 demonstrating that the agency’s cybersecurity measures may need some work. In 2016 a hacking group exposed 276GB of sensitive data including flight logs and employees’ credentials.
Bob Gibbs, Assistant Administrator at NASA’s Office of the Chief Human Capital Officer, said:
“Our entire leadership team takes the protection of personal information very seriously. Information security remains a top priority for NASA”.
The Agency explained that all those affected would be notified once identified and offered identity theft protection services.
