Security Experts:

Connect with us

Hi, what are you looking for?



NASA Notifies Employees of Data Breach

Social security numbers and other personal information belonging to employees of the U.S. National Aeronautics and Space Administration (NASA) may have been stolen after at least one of the agency’s servers was breached.

Social security numbers and other personal information belonging to employees of the U.S. National Aeronautics and Space Administration (NASA) may have been stolen after at least one of the agency’s servers was breached.

In a message obtained by SpaceRef, NASA officials told employees that cybersecurity staff started investigating a possible breach of servers on October 23. An initial analysis revealed that social security numbers and other personally identifiable information (PII) stored on one server may have been compromised.

An investigation has been launched in an effort to determine “the scope of potential data exfiltration” and identify the individuals who may be impacted. However, NASA says this process “will take time.”NASA hacked

“The ongoing investigation is a top agency priority, with senior leadership actively involved. NASA does not believe that any Agency missions were jeopardized by the cyber incidents,” said Bob Gibbs, assistant administrator at NASA’s Office of the Chief Human Capital Officer.

The incident impacts both past and present employees. NASA says they will be notified and offered identity protection services once they have been identified. For now, the agency says the breach may impact NASA Civil Service employees on-boarded, separated from the agency, or transferred between centers from July 2006 to October 2018.

“Our entire leadership team takes the protection of personal information very seriously. Information security remains a top priority for NASA. NASA is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency,” Gibbs said.

A report released in 2012 showed that NASA had suffered several breaches. Another incident that came to light in the same year involved a stolen NASA laptop that stored personal information. However, no other major security incidents have come to light since.

In 2012, Iranian hackers claimed they had used an SSL certificate issued to NASA’s Research and Education Support Services group for man-in-the-middle (MitM) attacks. In 2016, hacktivists claimed to have hacked NASA drones and stolen sensitive information from the space agency’s systems. However, in both cases NASA issued a denial – the claims were most likely false.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.