The National Aeronautics and Space Administration disclosed Tuesday that one of its servers with personally identifiable information was compromised in October. It is still unclear how much current and former NASA employee information was compromised, and the agency says the investigation into the breach is a top priority.
“This message is being sent to all NASA employees for awareness, regardless of whether or not your information may have been compromised,” wrote Bob Gibbs, assistant administrator for NASA’s Office of the Chief Human Capital Officer, in an agency-wide communication. “Those NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected. Once identified, NASA will provide specific follow-up information to those employees, past and present, whose PII was affected, to include offering identity protection services and related resources, as appropriate.”
NASA began investigating the breach on Oct. 23, and found that “Social Security numbers and other PII data of current and former NASA employees may have been compromised.”
NASA said that the investigation will take time and the agency does not believe any missions were jeopardized.
“Our entire leadership team takes the protection of personal information very seriously,” Gibbs wrote. “Information security remains a top priority for NASA. NASA is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency.”
NASA reported 5,408 computer security incidents in 2010 and 2011, and 13 major breaches in 2011. In 2016, the NASA Office of the Inspector General disclosed that it had conducted 90 investigations of breaches of NASA IT networks over the previous five years, “and helped to secure convictions of hackers operating from such wide-ranging locations as Australia, England, Italy, Nigeria, Portugal, Romania and Turkey.”