NASA has warned its employees that hackers may have obtained data that included their personal information, in an internal email. The US space agency says two servers had been compromised that contained the personal data in October, but noted that they don’t believe any missions have been threatened. The memo was initially published by SpaceRef, and was described in a BBC News report.
The incident follows a series of NASA data breaches that have occurred since 2011, including one that year in which hackers wrested control of computers in NASA’s Jet Propulsion Laboratory.
The agency said in the memo:
“Our entire leadership team takes the protection of personal information very seriously. Nasa is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency.”
NASA said the matter has been under investigation since October 23rd, when the breach was first identified. They warned that social security numbers and other private data may have been exposed, for employees that have worked for NASA since July of 2006. They advised staff members to take steps to prevent identity theft.
In another breach in 2013, eight NASA web domains were defaced by a group of hackers calling itself the Master Italian Hackers Team.
Sam Curry, chief security officer with the cyber security firm Cybereason, said:
“The public want to know that this government agency is learning from the past, we want the post-mortem. There are many things at Nasa in the national security domain which are of vital importance.”
The identity of the hackers is unclear, but the incident comes as the US government steps up cybersecurity efforts. A recent breach of the Marriott hotels booking system compromised data from 500 million guests, and is thought to be the work of hackers that were sponsored by the Chinese government. That breach may have been part of their ongoing information-gathering efforts, thought to also include a 2014 breach of records at the US Office of Personnel Management.
Such data is thought to be useful for Chinese intelligence efforts, in finding spies, tracking government officials, and finding targets for future hacking efforts.
A NASA spokesperson told Gizmodo:
“The agency is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure the latest security practices are followed throughout the agency.”