NASA cyber-attack: Many employees' personal information at risk

NASA
NASA Pixabay

After Marriot, Cathay Pacific and the high profile Facebook data breach incident, reports claim that personal information of some former and current employees of the American space agency NASA may have been compromised in a hack that took place in October 2018.

As per the US-based space news portal SpaceRef.com, Bob Gibbs, NASA's Assistant Administrator and the office of the Chief Human Capital has revealed that the agency suffered a security breach that may have affected employees "who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018."

The internal memo, which was sent to the employees on Tuesday, December 18 has shown that investigators discovered the breach on October 23, but they haven't identified the hackers.

NASA said that an unknown intruder gained access to a server containing the personal information of the employees. However, the scope of the breach and the number of affected employees is yet not clear. But, as per the memo, NASA claimed that they believe the cyber attack did not jeopardise any of its missions.

"Those NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected," Gibbs said in the memo.

The agency has started to notify all their former and present employees about the data leak, regardless of whether or not their information was stolen so that they could take required measures.

In addition, Gibbs said, "Once identified, NASA will provide specific follow-up information to those employees, past and present, whose personally identifiable information (PII) was affected, to include offering identity protection services and related resources, as appropriate."

After NASA was alerted to the breach, they informed that the agency was working with federal cybersecurity partners "to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals."

As per Gibbs, "This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved."

Reports also pointed that earlier, in 2011 and 2016 NASA faced major data breach incidents, which showed that the agency's cybersecurity measures could use work.

The memo added that if anyone wants more information about the incident then they may contact the Enterprise Service Desk (ESD) at 1-877-677-2123, or https://esd.nasa.gov, or nasa-esd@mail.nasa.gov.

This article was first published on December 19, 2018
READ MORE