After security breaches in 2011 and 2016, the US National Aeronautics and Space Administration (NASA) has confirmed a third breach, occurring earlier this year, where personally identifiable information of employees may have been compromised.
In a memo to all staff sent out December 18, NASA said its cybersecurity personnel began investigating a possible compromise of the agency’s servers that stored personally identifiable information (PII).
“After initial analysis, NASA determined that information from one of the servers containing Social Security numbers and other PII data of current and former NASA employees may have been compromised,” reads the memo.
NASA learned of the incident in October and took immediate steps to contain the breach. It is only now notifying employees, likely at the guidance of law enforcement which sometimes prefers to keep these kinds of investigations under wraps until the proper course of action is determined. The investigation is ongoing.
“NASA does not believe that any Agency missions were jeopardized by the cyber incidents,” the agency said.
NASA is sending the memo to all employees, whether they were affected or not. The space agency clarifies that those employees who were on-boarded, separated from the agency, and/or transferred between centers, from July 2006 to October 2018, may have been affected.
NASA promises to offer identity protection services and related resources as appropriate once the investigation concludes.