The National Aeronautics and Space Administration (NASA) has warned its employees of a data breach that might have compromised their personal information.

On 18 December, the agency’s Human Resources Messaging System (HRMES) sent out a message to all employees informing them of a potential security security incident.

NASA first began looking into the security event on 23 October 2018. Its analysis revealed that digital attackers might have compromised a server containing current and former employees’ personally identifiable information (PII) including their Social Security Numbers.

On learning of the incident, the agency’s IT security team launched an investigation and took measures to secure NASA’s servers and their stored data. This digital security analysis was ongoing at the time of the message’s publication.

Bob Gibbs, assistant administrator at the Office of the Chief Human Capital Officer, said that the agency will also contact affected employees as it learns more and will offer them access to identity protection services, among other resources.

“Our entire leadership team takes the protection of personal information very seriously,” Gibbs said. “Information security remains a top priority for NASA. NASA is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency.”

This isn’t the first time the agency has suffered a digital security incident. In early 2016, the AnonSec group released 276 GB of data belonging to the National Aeronautics and Space Administration. This information included 631 video feeds, 2,143 flight logs and credentials of 2,414 employees including their e-mail addresses and contact numbers. A few years earlier than that, a database leak at Adobe exposed 234,379 military and government email addresses, encrypted passwords and password hints including 5,000 NASA accounts.

Those who have questions  about this latest security event (Read more...)