UPDATED 21:20 EDT / DECEMBER 19 2018

SECURITY

NASA reveals employee data stolen in October hack

The U.S. National Aeronautics and Space Administration has admitted in an internal memo that employee information was stolen in a hack that occurred in October.

The memo, first reported Tuesday by Spaceref.com, states that on Oct. 23 NASA cybersecurity personnel “began investigating a possible compromise of NASA servers where personally identifiable information was stored. “After initial analysis, NASA determined that information from one of the servers containing Social Security numbers and other PII data of current and former NASA employees may have been compromised,” the memo adds.

NASA Civil Service employees who were onboarded, separated from the agency, or transferred between centers, from July 2006 to October 2018 may have been affected by the hack. Details of how the hack took place were not forthcoming.

Stephan Chenette, chief technology officer and co-founder of AttackIQ Inc., told SiliconANGLE that this is not the first time NASA has suffered a data breach.

“In 2011, the agency admitted to 13 separate major network breaches and in 2016 we saw another major hack compromise NASA employee data, flight logs and videos, and the intruders were even able to alter the path of one of NASA’s drones,” Chenette said. “Now NASA’s current and former employees have had their personally identifiable information compromised, including Social Security numbers, exposing those affected to further instances of fraud and data leaks through other vectors.”

Earlier this year, he added, NASA received more than $20 billion for its fiscal year 2018 budget, its best budget since 2009. “After multiple serious security incidents, the agency needs to reevaluate the funds and resources it is dedicating toward cybersecurity and adopt solutions that provide visibility into their cyber readiness on a continuous basis to ensure that its systems are operating as intended and defending the organization’s data,” Chenette said. “A more robust solution will give NASA’s executive team the confidence that their operations will not be interrupted by a security breach, thus saving time, money, intellectual property and more.”

Gaurav Banga, chief executive officer of Balbix Inc., noted that “NASA and other government agencies store massive amounts of highly sensitive data. As disastrous as it is for NASA to expose its employees’ personally identifiable information, this breach indicates the agency needs to strengthen its current security measures to ensure all other data is secure and can’t be exploited for more sinister intentions.”

Craig Young, computer security researcher for Tripwire Inc.’s Vulnerability and Exposure Research Team, looked at the bigger picture, saying that NASA was long considered by many to be the epitome of high tech, so its breach shows how even the best can fall prey to hacking.

“One of the most important things individuals can do to help avoid a breach is to be vigilant about password security and mindful of unsolicited links and attachments coming in over email and chat,” Young added.

Photo: NASA/ Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU