Personal information of some of the current and former employees at NASA may have been stolen in a data breach that hit the US space agency in October this year, a media report said.
In an internal memo sent to employees on Tuesday and published by US-based space news portal SpaceRef.com, NASA admitted to getting hacked almost two months after the breach was discovered.
The people behind the hacking have not yet been identified as NASA said that an unknown intruder got access to one of the agency’s servers holding the personal data of the employees.
The scope of the breach and the number of affected employees are also not yet known.
In its memo, NASA said that the hack probably did not jeopardise any of its missions.
“Those NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected,” NASA Assistant Administrator Bob Gibbs said in the memo.
NASA has started notifying all its employees about the breach, regardless of whether or not their information may have been compromised so that they could take preventive measures.
“Once identified, NASA will provide specific follow-up information to those employees, past and present, whose personally identifiable information (PII) was affected, to include offering identity protection services and related resources, as appropriate,” Gibbs said.
NASA discovered the hack on October 23 and informed that it was working with federal cybersecurity partners “to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals.”
“This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved,” Gibbs said.
NASA also suffered similar security breaches in 2011 and 2016, reported CNET’s sister site ZDNet.