According to an internal memo obtained by SpaceRef, the National Aeronautics and Space Administration (NASA) suffered a breach of employee personally identifiable information (PII), leaving civil service employees who worked for the agency from July 2006 to October 2018 potentially affected.
NASA informed employees of the breach on Tuesday, and noted that the possible compromise was discovered on October 23 and immediately addressed. The breach affected servers that contain “Social Security numbers and other PII data of current and former NASA employees,” according to the report.
“Once identified, NASA will provide specific follow-up information to those employees, past and present, whose PII was affected, to include offering identity protection services and related resources, as appropriate,” said Bob Gibbs, the agency’s chief human capital officer, in the memo.
“Our entire leadership team takes the protection of personal information very seriously. Information security remains a top priority for NASA. NASA is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency,” the memo states.
The breach is just the latest misstep for NASA in the cybersecurity arena.
A GAO report earlier this year found that NASA was not properly managing its IT systems and their security, and NASA’s inspector general Federal Information Security Modernization Act (FISMA) audit for FY2017 found that the agency needed to take “considerable action to close cybersecurity capability gaps and combat evolving cyber threats.”