NASA says it was hacked earlier this year, according to a memo sent to employees Tuesday.
In the memo, NASA said an unauthorized user accessed a server containing Social Security numbers and personally identifiable information on current and former employees. Personnel began investigating the breach on Oct. 23, at which point NASA “took immediate action to secure the servers,” the agency said. An investigation is ongoing, though NASA says it does not believe any agency missions were jeopardized by the “cyber incidents.”
NASA Civil Service employees who joined the agency, separated from the agency, and/or were transferred between NASA centers between July 2006 and October 2018 may have been affected, according to the internal memo.
“NASA and its federal cybersecurity partners are continuing to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals,” the agency said. “This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved.”
A NASA spokeswoman, when reached by phone, said the agency waited nearly two months to disclose the breach while investigators examined the full scope of the incident.
“We didn’t want to rattle people,” she added.
The U.S. space agency has struggled with cybersecurity in recent years, once admitting it experienced 13 separate major network security breaches in 2011 alone. Other government agencies with a related focus are similarly vulnerable.