Nasa hack exposes data on space agency's servers

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Hackers have targeted computer servers at Nasa and exposed the personal details of current and former employees, the space agency has revealed.

Nasa informed employees of the hack in an internal memo, adding it is treating the incident as a “top priority”.

Cyber security specialists at Nasa began investigating the issue in October after suspecting one of its servers had been compromised, the agency said in the memo sent on Tuesday.

“Upon discovery of the incidents, Nasa cyber security personnel took immediate action to secure the servers and the data contained within,” Bob Gibbs, Nasa’s chief human capital officer, said in the message.

“Nasa and its federal cyber security partners are continuing to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals. This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved. Nasa does not believe that any agency missions were jeopardised by the cyber incidents.”

Mr Gibbs said initial analysis suggests social security numbers and other personally identifiable information was compromised.

Nasa staff affected potentially include anyone employed under Nasa Civil Service between July 2006 and October 2018.

No mission critical data is believed to be exposed by the data breach and it is still unknown who was behind the hack.

“Once identified, Nasa will provide specific follow-up information to those employees, past and present, whose PII was affected, to include offering identity protection services and related resources, as appropriate,” the agency stated.

“Nasa is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency.”

Security experts told The Independent the space agency needs to do more to protect its data, given its previous track record with data breaches.

“This is the third breach of Nasa since 2011. The first priority should be to limit harm and help the victims while also ensuring that the breach is remediated, but after that it’s time to go into the more painful mission phase and learn from the results,” said Sam Curry, chief security officer at Cybereason.

“Countermeasures are important, but we the public want to know that this government agency is learning from the past, we want the post mortem, we want the agency to get better because while PII and employee privacy are vital, there are many things at Nasa in the national security domain and are of vital importance to the nation. From a security perspective, we all hope that the third time is a charm and that there is no fourth.”

Nasa did not immediately respond to a request for comment.