NASA Discloses A Data Breach

Uploaded on 2019-01-09 in NEWS-News Analysis, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Transport & Travel

The US National Aeronautics and Space Administration (NASA) admitted recently to getting hacked in 2018. Hack took place in October 2018. Agency still doesn't know the number of impacted employees. In an internal memo sent to all employees, the agency said that an unknown intruder gained access to one of its servers storing the personal data of current and former employees. Social Security numbers were also compromised, NASA said.

The agency said it discovered the hack on October 23, almost two months ago. It is unclear why the agency waited nearly two months to notify employees, but it is common for US law enforcement to ask hacked organizations to delay notifying affected victims while they investigate an incident.

NASA confirmed it was working with federal cybersecurity partners "to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals."

The agency still doesn't know the scope of the breach and the number of impacted employees. In its memo today, NASA said it was notifying all employees so they could take countermeasures against possible fraud, as a precaution.

"Those NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected," said Bob Gibbs, NASA Assistant Administrator, in the memo.

"Once identified, NASA will provide specific follow-up information to those employees, past and present, whose PII was affected, to include offering identity protection services and related resources, as appropriate," he said.

The agency said the investigation into the hack "will take time."

NASA also said it didn't believe that any of its missions were jeopardised by the hack. The US space agency also suffered similar security breaches in 2011 and 2016.

A NASA spokesperson has provided the following statement in regards to the incident:

‘On Oct. 23, 2018, NASA cybersecurity personnel began investigating the potential compromise of NASA servers. One of the servers contained personally identifiable information (PII) on current and past NASA employees and these data may have been exfiltrated. The agency will provide identity protection services to all potentially affected individuals.

NASA does not believe that any agency missions were jeopardized by the intrusions.  Once discovered, NASA took immediate action to secure the impacted servers and has been working to perform a forensic analysis since then, this process will take time. The ongoing investigation is a top NASA priority.

NASA takes cybersecurity very seriously and is committed to devoting the necessary resources to ensure the security of agency information and IT systems.

The agency is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure the latest security practices are followed throughout the agency.’  

ZDNet:

Should US Hacked Federal Employees Lose Security Clearance?:

 
« US Treasury Sanctions Russians For Electoral Interference
Payment Accepted Emails – Don't Click »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Proofpoint

Proofpoint

Proofpoint provide the most effective cybersecurity and compliance solutions to protect people on every channel including email, the web, the cloud, social media and mobile messaging.

Cybercom Group

Cybercom Group

Cybercom offers strategic advice, testing & quality assurance, security solutions, system development, integration, management and operation services.

Software Factory

Software Factory

Software Factory develops custom-built high-performance software solutions and products for applications including industrial cyber security.

Assured Information Security (AIS)

Assured Information Security (AIS)

AIS is committed to providing our customers with critical information security products, services, and training. We support diverse needs throughout business and industry.

SentryBay

SentryBay

SentryBay is a real-time data security company developing technology for PC, mobile, the cloud and IoT.

OneSpan

OneSpan

OneSpan (formerly Vasco Data Security) is a global leader in digital identity security, transaction security and business productivity.

ACM-CCAS

ACM-CCAS

ACM is a UKAS-accredited certification body helping businesses around the world perform to a higher standard. Our certifications include ISO 27001 and ISO 22301.

Intel Capital

Intel Capital

Intel Capital, Intel's strategic investment organization, backs innovative technology startups and companies worldwide. We invest in a broad range of hardware, software, and services.

ShardSecure

ShardSecure

ShardSecure Microshard technology eliminates data sensitivity, providing security, privacy and compliance beyond encryption.

Fifosys

Fifosys

Fifosys is a professional technology infrastructure specialist, delivering a broad portfolio of high quality technical and strategic managed services.

Cyber Resilience Centre for Wales (WCRC)

Cyber Resilience Centre for Wales (WCRC)

The Cyber Resilience Centre for Wales (WCRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Redbot Security

Redbot Security

Redbot Security provides industry leading manual penetration testing. Protecting critical systems and data - red team attack and breach simulations, (OT) critical infrastructure testing.

Arcserve

Arcserve

Defend your data with Arcserve all-in-one data protection and management solutions designed to be the right fit for your business, regardless of size or complexity.

Solvo

Solvo

Solvo enables security teams and other stakeholders to automatically uncover, prioritize, mitigate and remediate cloud infrastructure access risks.

Sequentur

Sequentur

Sequentur is an award-winning Managed IT Services company. We are SOC 2 certified and provide Managed IT Services and Cybersecurity services to businesses nationwide.

Kong

Kong

Kong - powering the API world. Increase developer productivity, security, and performance at scale with the unified platform for API management, service mesh, and ingress controller.