The National Aeronautics and Space Administration announced that the personal information of an unknown number of current and former agency employees along with their Social Security numbers was accessed by hackers in a data breach.
According to a memo sent to agency employees about the breach, “NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected.”
NASA will be contacting all impacted employees once they are identified as well as providing identity theft protection services to impacted individuals.
NASA discovered the data breach on October 23, according to the memo that was sent to agency employees by Bob Gibbs, Assistant Administrator, Office of the Chief Human Capital Officer, and began working immediately to secure the affected servers.
NASA said it does not believe at this time that any agency missions were compromised in the data breach. A copy of the memo is included at the end of the article.
This is not the first cybersecurity incident that has impacted the agency. For example, according to a 2012 report from NASA’s inspector general, NASA reported 5,408 computer security incidents in 2010 and 2011 that resulted in the installation of malicious software on or unauthorized access to its systems.
Agency-wide Communications to Employees
On Oct. 23, 2018, NASA cybersecurity personnel began investigating a possible compromise of NASA servers where personally identifiable information (PII) was stored. After initial analysis, NASA determined that information from one of the servers containing Social Security numbers and other PII data of current and former NASA employees may have been compromised.
Upon discovery of the incidents, NASA cybersecurity personnel took immediate action to secure the servers and the data contained within. NASA and its Federal cybersecurity partners are continuing to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals. This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved. NASA does not believe that any Agency missions were jeopardized by the cyber incidents.
This message is being sent to all NASA employees for awareness, regardless of whether or not your information may have been compromised. Those NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected. Once identified, NASA will provide specific follow-up information to those employees, past and present, whose PII was affected, to include offering identity protection services and related resources, as appropriate.
Our entire leadership team takes the protection of personal information very seriously. Information security remains a top priority for NASA. NASA is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency.