Incident Of The Week: NASA Reveals Employee Data Breach In Memo

Hacked Servers: Personal Data Exposed



Esther Shein
12/28/2018

The U.S. National Aeronautics and Space Administration (NASA) said that one of its servers was hacked earlier this year, exposing personal data of current and former employees including social security numbers.

In a memo to employees that was also posted on Spaceref, NASA said the breach was uncovered on Oct. 23rd.

NASA Civil Service employees who were on-boarded, separated from the agency, and transferred between centers from July 2006 to October 2018, may have been affected by the attack, according to Bob Gibbs, assistant administrator in the Office of the Chief Human Capital Officer, in the memo. It is not clear how many past and present employees may have had their data breached.

Once they learned of the breach, NASA cybersecurity personnel took “immediate action to secure the servers and the data contained within,’’ the memo stated. “NASA and its federal cybersecurity partners are continuing to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals. This process will take time.”

NASA does not believe that any agency missions were jeopardized by the cyber incidents, the memo added.

There is no mention of why NASA waited nearly two months to inform employees, but ZDNet noted that U.S. law enforcement regularly asks hacked organizations to delay notifying potential victims during an investigation.

NASA said the leak won’t jeopardize current or planned future space missions, Panda Security reported. The space agency assured employees that the security gap has been fixed, but said it is unable to determine who was behind the cyberattack, and whether the criminals have exported any of the sensitive information stored in the hacked server. NASA said it will continue to investigate the issue and will offer free identity protection services to people who were affected by the breach.

This is not NASA’s first cybersecurity incident. The Government Accountability Office (GAO) and the agency’s inspector general released a report earlier this year that indicated that NASA has “longstanding IT management weaknesses,” Nextgov reported.