The US National Aeronautics and Space Administration (NASA) admitted today that they had been hacked earlier this year. Even though NASA detected the hack some two months back on 23rd October, they waited two months to notify their employees. The delay in notifying the employees may be due to the fact that the US law enforcement asks the hacked organizations to do so.
NASA sent a memo to all its employees disclosing the fact that one of their servers which stored personal data of all present and former employees was hacked by some unknown intruder. The Social Security numbers were also compromised. However, NASA believes that their missions have not been compromised in any way by this attack as they have faced similar security breaches in the years 2011 and 2016. Upon discovering the attack, NASA took immediate measures to secure the servers and the data.
During these two months of silence, NASA was working with federal cybersecurity partners “to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals.” The agency is still in the dark about the depth of this situation and they are unable to locate the number of employees affected by the security breach. Bob Gibbs, an Assistant Administrator of NASA said in the memo, “Those NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected.” He further added, “Once identified, NASA will provide specific follow-up information to those employees, past and present, whose PII was affected, to include offering identity protection services and related resources, as appropriate.”
NASA takes their security very seriously and to pacify the attack they are taking measures to secure all servers. NASA will also make sure that their latest security practices are being implemented in every branch of the agency and they are being followed through.