NASA has disclosed a recent data breach involving both former and current employees.
NASA has emailed its staff to warn them that unidentified hackers may have access their personal data. In an internal memo obtained by SpaceRef, the message said the body suspected a server had been compromised.
According to the internal message, this particular issue was uncovered on 23 October and the server contained information such as social security numbers. At present, NASA is working with federal investigators to figure out the extent of the breach and who the culprit may be.
Personal employee data
The information accessed included data on employees who had worked at the agency between July 2006 and October 2018. Staff were advised to take the necessary precautions to prevent possible identity theft.
A NASA spokesperson was contacted by Gizmodo for comment, but could not say how many employees’ details were potentially exposed. It did confirm that the agency “does not believe that any agency missions were jeopardised by the intrusions”. It said: “NASA takes cybersecurity very seriously and is committed to devoting the necessary resources to ensure the security of agency information and IT systems.”
While it has been close to two months since the hack was discovered on 23 October, it is common for US law enforcement to ask hacked organisations to hold off on informing those potentially affected to allow for thorough investigation. NASA said the investigation into the incident “will take time”.
NASA affirms commitment to security
The agency added: “NASA takes cybersecurity very seriously and is committed to devoting the necessary resources to ensure the security of agency information and IT systems. The agency is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure the latest security practices are followed throughout the agency.”
The US space agency has suffered similar attacks in the past. According to ZDNet, the agency experienced 13 separate network security breaches in 2011. In 2016 the agency suffered another breach, during which hackers attempted to bring down a multimillion-dollar drone.