NASA has been hacked, with the unknown assailants gaining access to employees' personal data. The space agency sent an email to staff warning them that their personal details may have been stolen by audacious hackers.
The hack successfully targeted two of NASA’s servers, both of which contained personally identifiable information (PII) about former and current members of staff. Among the information stored were employees’ Social Security numbers.
The email sent to employees has since been leaked to website SpaceRef, where a copy of the circulated memo can be found in full. It reveals that investigations into the data breach have been ongoing since 23 October, warning that any staff who were “on-boarded, separated from the agency, and/or transferred between Centers” from July 2006 to October 2018 might have been affected.
This isn’t the first time NASA has fallen short of the airtight data security expected of a government agency. The organisation has experienced a series of high-profile data breaches over the past seven years. In 2011, hackers gained “full functional control” of NASA’s Jet Propulsion Laboratory (JPL), a feat which “compromised the accounts of the most privileged JPL users”, according to NASA Inspector General, Paul K. Martin.
NASA suffered another breach back in 2013, which saw eight of its web domains compromised by the self-styled Master Italian Hackers Team.
For its part, NASA appeared earnest about cyber security in the company-wide email. “Our entire leadership team takes the protection of personal information very seriously. Information remains a top priority for NASA,” it said.
“NASA is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency.”
Given the frequency with which data breaches at NASA take place, some people want more action. Speaking to the BBC, chief security officer at endpoint security firm Cybereason, Sam Curry, said, “The public want to know that this government agency is learning from the past, we want the post-mortem.” The issue pertains to the public more broadly, too: “There are many things at NASA in the national security domain which are of vital importance,” he pointed out.
NASA has communicated that it has no reason to believe any of its missions have been put in jeopardy on the back of the hacking episode.