NASA Server Hacked, Personal Identifiable Information of Employees Exposed
Of all government agencies in the world, NASA (National Aeronautics and Space Administration) can be considered as one of the most high techs, if not the most technologically advanced in the world. But it seems like NASA is no different from any other government or a private firm, as they are not immune from being targeted by cyber attacks. All employees, both active and former who worked with NASA from July 2006 to October 2018 had their data exposed to unknown 3rd parties due to the data breach. NASA discovered the breach two months ago on October 23, 2018, but it took them sixty days to release the news to all their employees through an internal memo.
“On Oct. 23, 2018, NASA cybersecurity personnel began investigating a possible compromise of NASA servers where personally identifiable information (PII) was stored. After initial analysis, NASA determined that information from one of the servers containing Social Security numbers and other PII data of current and former NASA employees may have been compromised. Upon discovery of the incidents, NASA cybersecurity personnel took immediate action to secure the servers and the data contained within. NASA and its federal cybersecurity partners are continuing to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals. This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved. NASA does not believe that any agency missions were jeopardized by the cyber incidents,” explained Bob Gibbs, NASA’s Assistant Administrator.
As of this writing, NASA Administration does not know yet who accessed their servers containing employee personal information and what is the agenda for the conducting the infiltration. There is also no exact explanation from NASA Management why it took them two months in order to disclose the security breach to their very own employees.
“Our entire leadership team takes the protection of personal information very seriously. Information security remains a top priority for NASA. NASA is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency,” added Gibbs.
The space agency also assures the public that NASA’s current and future space projects and missions are operating optimally, as they were not targeted by the security breach. NASA Employees who wish for more information about the progress of the investigation can contact their internal Enterprise Service Desk, as the agency provided them with the telephone numbers and email address to call.
“Once identified, NASA will provide specific follow-up information to those employees, past and present, whose PII was affected, to include offering identity protection services and related resources, as appropriate,” concluded Gibbs.
The claims of countermeasures being implemented by the space agency to prevent the repeat of this incident may be taken with a grain of salt. This was not the first time NASA was targeted by a cyber attack, it already happened in two separate occasions in the past, one from 2016 and the first incident in 2011.
Kevin Jones880 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.