The US National Aeronautics and Space Administration (NASA) has revealed that it suffered a data breach earlier this year.
In an internal memo sent out to all of its employees, the agency explained that an unknown third party had gained access to one of its servers which contained the personal data including the social security numbers of both current and former employees.
NASA discovered the hack at the end of October but waited two months before notifying its employees. While the agency’s reason for waiting so long to disclose the hack is unclear, it is a common practice of US law enforcement to have organisations that fall victim to a hack to wait to reveal the details of a breach during their initial investigation.
NASA has confirmed that it is currently working with federal cybersecurity partners in an effort to “examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals.”
Preventing possible fraud
The agency is still currently unaware of the full extent of the breach and the number of affected employees though in its memo, NASA explained that it is notifying all employees so that they can take the necessary precautions to prevent fraud.
NASA Assistant Administrator Bob Gibbs offered further details on which employees might be affected in the agency’s internal memo, saying:
“This message is being sent to all NASA employees for awareness, regardless of whether or not your information may have been compromised. Those NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected. Once identified, NASA will provide specific follow-up information to those employees, past and present, whose PII was affected, to include offering identity protection services and related resources, as appropriate.”
The agency stressed the fact that uncovering all of the details of the breach will take time though it did reassure the public that none of its missions were jeopardised by the hack.