A possible compromise of servers where NASA stored data on current and former employees may have given hackers access to social security numbers (SSN) and personally identifiable information (PII).
The incident occurred on or before October 23, when NASA cybersecurity team started to look into a possible server breach. Immediate action secured the machines and the data they stored.
There are no details on why the agency waited almost two months to disclose this security event.
Scope of the potential breach unknown
Although there is no information about the number of individuals potentially impacted by the incident, NASA says that the PII and SSN data had been collected on the impacted servers since July 2006.
In a notification from the Office of the Chief Human Capital Officer, the agency says that the persons potentially affected by this finding are civil service employees “who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018.”
For awareness reasons, the reached all NASA employees, even if their information may not have been compromised.
At the moment it is unclear if data exfiltration occurred, but if the investigation finds evidence of unauthorized access, the agency will start treating it as a data breach.
The agency believes that none if its missions have been endangered by this cybersecurity episode. NASA is currently trying to identify the individuals potentially impacted to give them specific details and offer them identity protection services and additional resources.
“This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved,” the memo informs.
NASA is a constant target for hackers, who sometimes use a successful intrusion as bragging rights.
In 2016, hacking outfit AnonSec breached the agency’s network and stole personal information belonging to over 2,400 employees as well as video footage from NASA aircrafts, and flight logs. AnonSec released more than 250GB of data at the time.
Source: Bleeping Computers