NASA has posted an agency-wide alert to employees warning that on October 23, 2018, its cybersecurity team detected, and started to investigate, a possible data breach on one of its servers.
In an email obtained by NASA-watch website SpaceRef, NASA told employees that, "Social Security numbers and other PII data of current and former NASA employees may have been compromised.”
The internal communication explained that: "Those NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected. Once identified, NASA will provide specific follow-up information to those employees, past and present, whose PII was affected, to include offering identity protection services and related resources, as appropriate."
The HR message ended with a promise to review processes and procedures, "Our entire leadership team takes the protection of personal information very seriously. Information security remains a top priority for NASA. NASA is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency."
So, in short, NASA can send people to the moon, but it can’t keep employee data safe! This not a good look for such a prestigious national institution with close links to the military. Remember, NASA deal with highly sensitive, and often top secret, data every day, often with major national security implications.
This is not the first time something similar has happened. In 2012 a laptop was stolen from a NASA employee which contained security numbers and other personal data on some 10,000 employees. The incident ended up costing the US taxpayer nearly $960,000 as NASA scrambled to implement full disk encryption on all laptops used by its staff.
Earlier in the same year, a NASA report highlighted a staggering 5,408 cyber-security incidents during 2010 and 2011, concluding that at one point "attackers had full functional control” over its networks.
If an organization like NASA can’t keep sensitive personal data belonging to its employees safe, then who can?
Image credit: By FrameStockFootages/Shutterstock.