NASA disclosed in an internal memo on Tuesday that a security breach of its servers exposed the data of an unknown number of current and former employees, including social security numbers and other personally identifiable information. Employees who are potentially affected by the exposure include those who were onboarded, separated from the agency, or transferred between July 2006 and October 2018. NASA currently employs more than 17,000 people.
In the memo, Assistant Administrator Bob Gibbs wrote to employees, “On Oct. 23, 2018, NASA cybersecurity personnel began investigating a possible compromise of NASA servers where personally identifiable information (PII) was stored. After initial analysis, NASA determined that information from one of the servers containing Social Security numbers and other PII data of current and former NASA employees may have been compromised.”
While the agency still has yet to determine the full scope of the incident and the number of employees affected, NASA is working with federal security partners to further investigate the breach and will provide identity protection services and related resources to employees whose personal information was exposed. The agency does not believe that any agency missions were compromised.
Moving forward, the agency said, “Our entire leadership team takes the protection of personal information very seriously. Information security remains a top priority for NASA. NASA is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency.”
This isn’t the first time NASA has been breached. In 2011, intruders gained “full, functional control” of systems at the agency’s Jet Propulsion Laboratory. Hackers were then able to steal, edit, and delete confidential information at will. NASA later admitted that it suffered more than a dozen security breaches in 2011 alone. Then, in 2016, hackers infiltrated NASA systems yet again, altering the flight path of a Global Hawk drone and stealing personal data on over 2,000 employees. Hackers had access to NASA systems for over three years.
NASA isn’t the only government agency to suffer from a cybersecurity incident this year. In October, a data breach at Heathcare.gov, the ACA healthcare exchange website, exposed data on over 75,000 people, including the last four digits of Social Security numbers, immigration status, and insurance plan details. A month later, it was reported that a security researcher found a vulnerability in a United States Postal Service API that exposed data on over 60 million USPS customers.
According to the Identity Theft Resource Center, there have been more than 90 breaches of government agencies this year as hackers continue to set their sights on social security numbers. In 2017, over 830 data breaches involved SSNs, compromising more than than 158 million SSNs in total. It is estimated that every single federal employee has had their social security number stolen as a result of security breaches at government agencies over the past few years.
Bloom: Take Back Control of Your Data
At Bloom, we are giving you the tools to take back control of your data.
Bloom enables you to own, authorize the use of, and protect your data using the latest advancements in blockchain technology. With Bloom, the risk of your data being exposed in a data breach or leak is greatly reduced. No more centralized data storage. No more selling off your data to the highest bidder. No more risking identity theft. Your identity, and your highly sensitive personal and financial information, is securely safeguarded on your own personal device using cutting-edge cryptography.