NASA Discloses A Data Breach

The US National Aeronautics and Space Administration (NASA) admitted recently to getting hacked in 2018. The hack took place in October 2018, and the agency still doesn't know the number of impacted employees. In an internal memo sent to all employees, the agency said that an unknown intruder gained access to one of its servers storing the personal data of current and former employees. Social Security numbers were also compromised, NASA said.

The agency said it discovered the hack on October 23, almost two months ago. It is unclear why the agency waited nearly two months to notify employees, but it is common for US law enforcement to ask hacked organizations to delay notifying affected victims while they investigate an incident.

NASA confirmed it was working with federal cybersecurity partners "to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals."

The agency still doesn't know the scope of the breach and the number of impacted employees. In its memo today, NASA said it was notifying all employees so they could take countermeasures against possible fraud, as a precaution.

"Those NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected," said Bob Gibbs, NASA Assistant Administrator, in the memo.

"Once identified, NASA will provide specific follow-up information to those employees, past and present, whose PII was affected, to include offering identity protection services and related resources, as appropriate," he said.

The agency said the investigation into the hack "will take time."

NASA also said it didn't believe that any of its missions were jeopardised by the hack. The US space agency also suffered similar security breaches in 2011 and 2016.

A NASA spokesperson has provided the following statement regarding the incident:

‘On Oct. 23, 2018, NASA cybersecurity personnel began investigating the potential compromise of NASA servers. One of the servers contained personally identifiable information (PII) on current and past NASA employees and these data may have been exfiltrated. The agency will provide identity protection services to all potentially affected individuals.

NASA does not believe that any agency missions were jeopardized by the intrusions. Once discovered, NASA took immediate action to secure the impacted servers and has been working to perform a forensic analysis since then, this process will take time. The ongoing investigation is a top NASA priority.

NASA takes cybersecurity very seriously and is committed to devoting the necessary resources to ensure the security of agency information and IT systems.

The agency is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure the latest security practices are followed throughout the agency.’  

ZDNet:
