NASA Belatedly Admits October Data Breach
The space agency does not believe any of its missions have been jeopardised after a hacker accessed one of its servers.
The US National Aeronautics and Space Administration (NASA) has revealed that it was hacked earlier in 2018.
The details were reportedly revealed in an internal memo to NASA staff from Bob Gibbs, assistant administrator at the Office of Human Capital, NASA.
In the leaked memo, Gibbs told employees that an unknown intruder accessed one of NASA’s servers, which stored the personal data, including Social Security numbers, of current and former employees.
Gibbs explained that the hack was discovered on 23rd October but did not explain why the agency had waited almost two months to inform workers.
Gibbs wrote: “Upon discovery of the incidents, NASA cybersecurity personnel took immediate action to secure the servers and the data contained within. NASA and its Federal cybersecurity partners are continuing to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals.
“This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved. NASA does not believe that any Agency missions were jeopardized by the cyber incidents.”
He added: “This message is being sent to all NASA employees for awareness, regardless of whether or not your information may have been compromised. Those NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected.
“Once identified, NASA will provide specific follow-up information to those employees, past and present, whose PII was affected, to include offering identity protection services and related resources, as appropriate.”
Gibbs added that NASA’s “entire leadership team takes the protection of personal information very seriously”. Information security remains a top priority, he added.
NASA is continuing its efforts to secure all servers and said it is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency.