- NASA suffered a data breach that concerns the PPI of current and previous personnel
- The agency believes that the infiltration has not jeopardized mission data
- NASA showed a delay in informing its employees and the public on the matter
An internal memo of NASA revealed a data breach that took place on October 23, on servers containing personally identifiable information. Employee data such as social security numbers of both current and past employees are believed to have been accessed by a third-party, while the internal investigation has not discovered signs any critical mission data having been jeopardized.
The internal memo was circulated among NASA employees for awareness, while the agency is also offering identity protection services to those that were affected. Currently, NASA’s investigation is still underway, with federal cybersecurity experts helping the space agency determine the scope of the data exfiltration, as well as to pinpoint which employees were affected. Right now, the agency employs about 17,300 people, but the breach concerns data from employees that may have left NASA since July 2006. This means that the potential pool of data access goes beyond the current 17,300 employees.
The PPI data that was leaked can be potentially used to distinguish or trace the employees’ identity, but NASA has not clarified whether the leak would be enough for the attackers to do so, or whether more information will be needed to link the identities. When asked why it took them two months to report the incident to their employees, NASA responded that the investigation was initiated right away on the two servers containing the PPI data, but they needed to confirm the type of the compromise first before proceeding any further. As a NASA spokesperson told in a statement to The Register:
“NASA takes cyber security very seriously and is committed to devoting the necessary resources to ensure the security of agency information and IT systems. The agency is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure the latest security practices are followed throughout the agency.”
Something similar also happened in 2011 and 2016, so NASA’s final comment is that the current investigation will take time, as they need to figure out what exactly happened, what data leaked, what is their value for potential future attacks, and who is behind this server penetration.