Upcoming Virtual Event: Cloud Security Summit | July 17 - Register Now
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

NASA Notifies Employees of Data Breach

Social security numbers and other personal information belonging to employees of the U.S. National Aeronautics and Space Administration (NASA) may have been stolen after at least one of the agency’s servers was breached.

Social security numbers and other personal information belonging to employees of the U.S. National Aeronautics and Space Administration (NASA) may have been stolen after at least one of the agency’s servers was breached.

In a message obtained by SpaceRef, NASA officials told employees that cybersecurity staff started investigating a possible breach of servers on October 23. An initial analysis revealed that social security numbers and other personally identifiable information (PII) stored on one server may have been compromised.

An investigation has been launched in an effort to determine “the scope of potential data exfiltration” and identify the individuals who may be impacted. However, NASA says this process “will take time.”NASA hacked

“The ongoing investigation is a top agency priority, with senior leadership actively involved. NASA does not believe that any Agency missions were jeopardized by the cyber incidents,” said Bob Gibbs, assistant administrator at NASA’s Office of the Chief Human Capital Officer.

The incident impacts both past and present employees. NASA says they will be notified and offered identity protection services once they have been identified. For now, the agency says the breach may impact NASA Civil Service employees on-boarded, separated from the agency, or transferred between centers from July 2006 to October 2018.

“Our entire leadership team takes the protection of personal information very seriously. Information security remains a top priority for NASA. NASA is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency,” Gibbs said.

A report released in 2012 showed that NASA had suffered several breaches. Another incident that came to light in the same year involved a stolen NASA laptop that stored personal information. However, no other major security incidents have come to light since.

In 2012, Iranian hackers claimed they had used an SSL certificate issued to NASA’s Research and Education Support Services group for man-in-the-middle (MitM) attacks. In 2016, hacktivists claimed to have hacked NASA drones and stolen sensitive information from the space agency’s systems. However, in both cases NASA issued a denial – the claims were most likely false.

Advertisement. Scroll to continue reading.
Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

ICS and OT cybersecurity solutions provider TXOne Networks appoints Stephen Driggers as its new CRO.

Identity orchestration provider Strata Identity has appointed Aldo Pietropaolo as Field CTO.

Cybersecurity provider for the aviation industry Cyviation has appointed Eliran Almog as Chief Executive Officer.

More People On The Move

Expert Insights