Sensitive NASA data at risk following stolen laptop

Share this article:

A laptop containing the unencrypted personal information belonging to NASA workers was stolen from an employee's car.

How many victims? A “large number” of workers, according to an email sent to NASA employees.

What type of personal information? Personally identifiable information, including Social Security numbers.

What was the response? The agency offered free credit-monitoring services for affected employees. In addition, NASA has implemented new policies that include the mandatory full-disk encryption for agency-issued computers that leave the premises, as well the adoption of a rule that does not allow employees to store sensitive data on mobile devices. By Dec. 21 all of the agency's laptops must be encrypted.

Details: The breach took place on Oct. 31, and a letter alerting employees of the incident was sent this week. Along with the laptop containing the unencrypted data, other documents were said to have been stolen. NASA faced a similar breach in March 2011 after a laptop was stolen from an employee's car at the Kennedy Space Center in Florida.

Quote: “We are thoroughly assessing and investigating the incident, and taking every possible action to mitigate the risk of harm or inconvenience to affected employees,” Richard Keegan Jr., associate deputy administrator at NASA, said in an email to employees.

Source: www.space.com, “Stolen NASA Laptop Prompts New Security Rules,” Nov. 15, 2012.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Transcript website flaw exposed personal data on 98k users

NeedMyTranscripts.com expose users' names, addresses and dates of birth, among other information, due to a site flaw that one user discovered.

Sourcebooks payment card breach impacts more than 5,000 customers

More than 5,000 customers had personal information stolen, but roughly 9,000 notification letters were sent out as a precautionary measure.

Cyberswim notifies customers that payment card data may be at risk

Malicious software installed on Sept. 24 may have compromised personal information for visitors that made purchases between May 12 and Aug. 28.