NASA Discloses A Data Breach

The US National Aeronautics and Space Administration (NASA) recently admitted to being hacked in 2018. The hack took place in October 2018, and the agency still doesn't know the number of impacted employees. In an internal memo sent to all employees, the agency said that an unknown intruder gained access to one of its servers storing the personal data of current and former employees. Social Security numbers were also compromised, NASA said.

The agency said it discovered the hack on October 23, almost two months ago. It is unclear why the agency waited nearly two months to notify employees, but it is common for US law enforcement to ask hacked organizations to delay notifying affected victims while they investigate an incident.

NASA confirmed it was working with federal cybersecurity partners "to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals."

The agency still doesn't know the scope of the breach and the number of impacted employees. In its memo today, NASA said it was notifying all employees so they could take countermeasures against possible fraud, as a precaution.

"Those NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected," said Bob Gibbs, NASA Assistant Administrator, in the memo.

"Once identified, NASA will provide specific follow-up information to those employees, past and present, whose PII was affected, to include offering identity protection services and related resources, as appropriate," he said.

The agency said the investigation into the hack "will take time."

NASA also said it didn't believe that any of its missions were jeopardised by the hack. The US space agency also suffered similar security breaches in 2011 and 2016.

A NASA spokesperson has provided the following statement in regards to the incident:

‘On Oct. 23, 2018, NASA cybersecurity personnel began investigating the potential compromise of NASA servers. One of the servers contained personally identifiable information (PII) on current and past NASA employees and these data may have been exfiltrated. The agency will provide identity protection services to all potentially affected individuals.

NASA does not believe that any agency missions were jeopardized by the intrusions. Once discovered, NASA took immediate action to secure the impacted servers and has been working to perform a forensic analysis since then, this process will take time. The ongoing investigation is a top NASA priority.

NASA takes cybersecurity very seriously and is committed to devoting the necessary resources to ensure the security of agency information and IT systems.

The agency is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure the latest security practices are followed throughout the agency.’

ZDNet:
