The space agency, NASA, may have become the latest US organisation to fall victim to a breach, with past and present employees’ personal data feared to have been stolen.
In an internal memo leaked to the SpaceRef news site, employees were warned that hackers may have compromised a server containing their social security numbers and other identifying information.
NASA has been investigating the incident in collaboration with government cyber security partners since 23 October, but is yet to determine the scope of the suspected breach.
Sign up to Emerging Threats, our weekly cyber security newsletter
“Our entire leadership team takes the protection of personal information very seriously. Information security remains a top priority for NASA,” the memo stated. “NASA is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency.”
The memo added that NASA does not believe an of its missions were jeapordised by the incidents, and that it would update employees once it had identified whose data has been affected.
Sam Curry, chief security officer at Cybereason, noted that the breach represented the third NASA has suffered since 2011. “Countermeasures are important, but we the public want to know that this government agency is learning from the past,” he added. “We want the post mortem and we want the agency to get better because while PII and employee privacy are vital, there are many things at NASA in the national security domain and are of vital importance to the nation.”
The breach proves that technological progress has “dangerously outstripped even basic data security practices”, according to VChain Technology’s CEO Irra Ariella Khi. “NASA is probably one of the most technologically sophisticated organisations in the world – yet, when it comes to data privacy, even it has fallen down,” she added.