The US National Aeronautics and Space Administration (NASA) disclosed that it has suffered a data breach that may have resulted in the compromise of personal information of both current and former employees. Although the number of employees affected in the breach is unknown, the organization has confirmed that the hacked information belongs to those employees who were/are in NASA between July 2006 and October 2018.
About the breach
In an internal memo, the agency said that it discovered the hack on October 23 after it detected an intrusion in one of its servers containing Personally Identifiable Information (PII) of employees.
Upon discovery, the NASA cybersecurity personnel took immediate action to secure the affected server and protect the personal data. It is working closely with Federal cybersecurity partners to determine the scope of the attack and the number of employees affected.
"Those NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected," said Bob Gibbs, NASA Assistant Administrator, in the memo.
"Once identified, NASA will provide specific follow-up information to those employees, past and present, whose PII was affected, to include offering identity protection services and related resources, as appropriate," he added.
What has NASA done so far?
NASA has also started notifying all its employees about the breach, regardless of whether or not their information may have been compromised. This is being done to alert the employees so that they can take countermeasures against possible fraud.
As a part of the precautionary measures, the agency is also reviewing its security processes and procedures to ensure that all its systems and infrastructures are secured against future attacks.