The US National Aeronautics and Space Administration (NASA) disclosed today that it had been hacked and personal data of current and former employees may have been compromised in a data breach that hit the US space agency in October, this year.
In an internal memo sent to all representatives, the agency said that an obscure intruder accessed one of its servers storing the personal information of present and previous employees. Social Security numbers were also compromised.
The agency revealed that it discovered the hack on October 23, right around two months ago. It is vague why the agency held up for about two months to notify representatives, however it is common for US law enforcement to ask hacked associations to delay notifying affected victims while they investigate an incident.
NASA affirmed that it was working with government cybersecurity accomplices “to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals.”
The US space agency still doesn’t know the scope of the rupture and the number of affected representatives. In its memo today, NASA said it was notifying all employees so that they could take countermeasures against conceivable fraud, as a safety measure.
“Those NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected,” said Bob Gibbs, NASA Assistant Administrator, in the memo.
“Once identified, NASA will provide specific follow-up information to those employees, past and present, whose PII was affected, to include offering identity protection services and related resources, as appropriate,” he said.
“This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved,” Gibbs said. NASA additionally stated that it doesn’t believe that any of its missions were jeopardized by the hack.
The US space agency likewise endured comparative security rupture in 2016 when a hacker group, known as AnonSec, dumped over 250GB of information stolen from NASA. It incorporated the names, email address and phone numbers of more than 2000 NASA representatives, alongside flight logs and videos recorded by NASA aircrafts. Maybe most alarmingly, AnonSec was able to alter the flight path of one of Global Hawk NASA drones before the ground crew were able to correct the flight path by accessing the drone through satellites.
We need to find out about a Data attack in a government department or agency on a very normal premise. NASA ought to utilize frameworks that guarantee only their authorized personnel are able to access their systems, even if they have prior knowledge of the network. Incorporating strong Identity Management using biometrics would be one manner by which this could be accomplished.