NASA’s servers have been hacked in an incident that the space agency says it is treating as a “top agency priority” and which may have exposed the details of staff with NASA since 2006.
In an internal memo circulated to employees yesterday NASA said it is still investigating the scope of the data exfiltration, first discovered on October 23.
The memo, written by Bob Gibbs, Assistant Administrator, Office of the Chief Human Capital Officer and obtained by SpaceRef said: “NASA does not believe that any Agency missions were jeopardized by the cyber incidents.”
Senior leadership at NASA are “actively involved” in investigating the hack which has been set as a top agency priority, he added.
Two Months Late?
The memo, which only informed workers of the breach two months after it occurred, is sparse on details, yet it does referred to the attack as ‘incidents’ in the plural, suggesting that it may be more than one breach.
It also does not categorically state that the cyberattack was contained to the servers holding employee social security details.
The breach was first discovered by cybersecurity personnel working for NASA. The servers they are investigating hold the personally identifiable information of NASA employees. The potential data stolen could be significant, as NASA is warning previous employees from as far back as 2006 that they are involved in the breach.
The memo states that: “Those NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected.”
NASA’s Gibbs added: “NASA and its Federal cybersecurity partners are continuing to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals.”
NASA has confirmed to their workers that the server accessed held the social security numbers and personally identifiable information of current and past employees.
NASA would not go into details in the memo about the breach while the investigation is ongoing, but they state that they are in the process of reviewing its procedures and processes in order to ensure all systems and employees are up to date with the latest cybersecurity practices.
Mr Gibbs also states that: “NASA does not believe that any Agency missions were jeopardized by the cyber incidents.”
Computer Business Review contacted NASA, but have received no reply as of time of writing.