WASHINGTON, U.S. – At a time when the world’s largest economy is intensifying its crackdown on government-sponsored cyber espionage, lambasting and punishing allies and enemies alike for such activities – the American space agency, NASA has revealed that it recently suffered a major security breach.
The independent agency of the U.S. Federal Government which is responsible for the civilian space program and aerospace research, the U.S. National Aeronautics and Space Administration (NASA) has revealed that two of its servers had been compromised by hackers.
In an email to its staff, NASA’s human resources division revealed details of the cyber attack and said that the agency’s cybersecurity staff had been investigating the incident since October 23.
The space agency wrote in the internal memo that it suspected that two of its servers containing details of past and present employees had been compromised in the hacking.
NASA has not revealed the magnitude of the data breach in either the internal memo, or in subsequent statements acknowledging the hacking – but clarified that the agency “does not believe that any agency missions were jeopardized by the intrusions.”
In the email, which was first published by the SpaceRef news site, NASA warned its staff that hackers may have stolen their personal details and urged them to take precautions to avoid identity theft.
The agency also wrote that it had been working with federal investigators since October to probe the breach.
The agency wrote in the email, “Our entire leadership team takes the protection of personal information very seriously. NASA is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency.”
According to NASA, hackers might have stolen social security numbers and other private information belonging to civil service employees who worked for the agency between July 2006 and October 2018.
Bob Gibbs, NASA Assistant Administrator, said in the memo, “Those NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected.”
Following NASA’s revelation, cybersecurity experts pointed out that NASA has faced several cyber attacks in the past, but that the recent breach was the latest in a series of intrusions since 2011 that the space agency has publicly acknowledged.
Other experts were alarmed that in two months of investigation, NASA – which holds a trove of vital national security-related information – had failed to establish more details about the hacking.
NASA merely said in its memo that it was working with federal cybersecurity partners “to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals.”
The agency also noted that it would inform the employees affected by the breach as soon as it acquires that information through the investigation.
Gibbs said, “Once identified, NASA will provide specific follow-up information to those employees, past and present, whose PII was affected, to include offering identity protection services and related resources, as appropriate.”
He added, “This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved.”
Previously, NASA has suffered major attacks in 2011 and in 2013.
In 2011, hackers took control of computers in NASA’s Jet Propulsion Laboratory.
In 2013, a hacking gang calling itself the Master Italian Hackers Team defaced eight NASA web domains.