NASA yesterday alerted its employees of a possible compromise of NASA servers containing personally identifiable information.
A Dec. 18 advisory posted to the SpaceRef website warns that one of the servers contained Social Security numbers and other sensitive information belonging to current and former NASA employees. More specifically, the breach affects NASA Civil Service employees who were added to or removed from the agency, or transferred between Centers, from July 2006 through October 2018, when the investigation began.
"Upon discovery of the incidents, NASA cybersecurity personnel took immediate action to secure the servers and the data contained within," says the disclosure, authored by Bob Gibbs, assistant administrator at NASA's Office of the Chief Human Capital Officer. "NASA and its federal cybersecurity partners are continuing to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals. This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved."
"NASA does not believe that any Agency missions were jeopardized by the cyber incidents," Gibbs' message continues.