NASA has disclosed a data breach that it discovered on October 23, 2018, explaining that it had found a “possible compromise” on the space agency’s servers. These servers contained personally identifiable information (PII), according to NASA, and one of the servers also contained Social Security numbers belonging to both current and former employees. A top priority investigation into the matter is still underway.
NASA disclosed the data breach to all of its employees on Tuesday, explaining that it will take time for its investigation to determine the scope of the breach and what may have been acquired. However, at this time, the space agency doesn’t believe that any of its missions were put in jeopardy by the infiltration.
The announcement was made by NASA’s Office of the Chief Human Capital Officer assistant administrator Bob Gibbs, who explained that NASA has already performed its initial analysis and secured the servers with the data. The ongoing investigation is a “process that will take time,” however, with Gibbs calling the matter a “top agency priority” that also involves senior leadership and Federal cybersecurity partners.
The space agency hasn’t disclosed whether it has a suspect or has identified the parties responsible for the breach. Based on the current investigation, NASA says that its current and former civil service employees dating back to July 2006 may have been impacted by the compromised servers.
Once NASA determines which employees were impacted by the breach, it will update them with specific information pertaining to their involvement. “As appropriate,” Gibbs said, the space agency will point these impacted employees to resources and services that protecting and monitoring their identity, among other things.