NASA gets hacked; employees’ personal data leaked

NASA hacked by AnonSec that hijacked a $222m Global Hawk drone

The agency is in the process of notifying employees affected by this security incident

The National Aeronautics and Space Administration (NASA) is notifying its employees of a data breach in its systems, an incident that exposed the social security numbers of the agency’s employees, among other personal details, as cybersecurity experts from the International Institute of Cyber Security reported.

The agency details in the notification of the incident that a hacker or hacker group compromised at least one of its servers; so far it is possible to confirm that the security breach affected many of the agency’s employees, as well as some former collaborators.

A website specializing in cybersecurity issues published the report of the incident that NASA drew up for its employees, where the agency mentions that it is investigating the incident due to unusual activity detected on its servers at the end of October .

“Last October 23, 2018, our cybersecurity staff began investigating a potential intrusion in one of our servers, used to store employees’ personal information” mentions the NASA report. “After the first investigations, NASA has determined that some personal details, such as Social Security numbers and other personal identification information could have been compromised”.

The space agency confirmed that this data breach could affect NASA Civil Service employees in current missions, separated from the agency or transferred between the various agency centers between July 2006 and October 2018.

NASA, along with some U.S. government security agencies, is analyzing the agency’s critical infrastructure to determine as accurately as possible the scope of the incident, as well as establishing a trail to find those responsible for the data breach. “This process could take a while,” mention NASA spokespersons.

“Senior managers of the agency are collaborating in this research, which is one of our main priorities nowadays. We also ruled out that none of our ongoing missions have been compromised by some cyberattack,” the agency’s report mentions.

NASA will provide information tracking for affected employees, as well as identity fraud protection services.

“For the agency, protecting employees’ personal information is a serious issue. NASA will continue its efforts to secure any committed part of our IT infrastructure to ensure that the agency meets the best safety practices,” concludes the report.