NASA has suffered a data breach that exposed its employees’ Social Security numbers and other personal information.
According to a memo sent Tuesday (Dec. 18) by Assistant Administrator Bob Gibbs, the agency began looking into the breach of its servers on Oct. 23.
"Upon discovery of the incidents, NASA cybersecurity personnel took immediate action to secure the servers and the data contained within," the memo stated. "NASA and its Federal cybersecurity partners are continuing to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals. This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved. NASA does not believe that any Agency missions were jeopardized by the cyber incidents."
Employees who were hired, transferred or left the agency from July 2006 to October 2018 may have been affected by the hack, although NASA isn’t sure how many people were impacted. The memo added that once the affected parties have been identified, they will be contacted by NASA about identity protection services and other resources.
"Our entire leadership team takes the protection of personal information very seriously. Information security remains a top priority for NASA. NASA is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency," the memo added.
NASA is the latest government agency to be hit with a breach. In September, the State Department revealed that a data breach exposed the personal information of a small number of employees. “We have determined that certain employees’ personally identifiable information (PII) may have been exposed,” an alert said at the time. “We have notified those employees.”
And just this week, around 300,000 people had their personal data stolen in a breach of Click2Gov, a widely used government payment software.