NASA hacked! Employees' personal information, social security numbers stolen
It has emerged that US space agency NASA was hacked earlier this year. On Wednesday, NASA circulated an internal memo, informing its employees that it had been hacked in October, and that employees' information had been compromised in the hack. As of now it's unclear who hacked NASA. The scope of the breach and number of affected employees is also not known. Here's more.
NASA's admission came two months after it got hacked on October 23. On that fateful day, an unknown intruder gained unauthorized access to one of NASA's servers that housed current and former employees' personally identifiable information (PII), including their Social Security numbers. However, in the memo, NASA said that none of its missions had been compromised in the hack.
"Those NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected. Once identified, NASA will provide specific follow-up information to those employees, past and present," said NASA in the memo.
It's unclear why NASA waited two months to disclose the hack to its employees. However, it should be noted that it's common for US law enforcement to ask hacked organizations to delay announcing data breaches to allow for investigations in to such incidents. Currently, NASA's cybersecurity team is working with "Federal cybersecurity partners" to secure all servers and determine the extent of the hack.
"Our entire leadership team takes the protection of personal information very seriously. Information security remains a top priority for NASA. NASA is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed," assured NASA.
Despite NASA's assurances, some people remain skeptical about cybersecurity at the space agency. NASA Watch, a website founded by former NASA employee Keith Cowing, notes that the space agency's compliance to federal norms and regulations on cybersecurity has been "pitiful". Cowing further notes that NASA had received a "failing grade" on cybersecurity in a scorecard by the House Committee on Oversight and Government Reform.
It's worth noting that NASA hasn't had the best of cybersecurity records. In 2013, Brazilian activists, mistaking NASA for the NSA, had hacked the space agency's website and left the message, "Stop spying on us". Earlier, in 2011, 13 successful cyber attacks on the space agency had given hackers "full functional control" of critical NASA networks, including codes for the International Space Station (ISS).