On Tuesday, an internal memo was sent to employees at NASA to inform them of a data breach that was identified on October 23. The notice claimed that hackers were able to obtain personally identifiable information including social security numbers belonging to the space agency’s staff.
The memo was first obtained by SpaceRef and was sent by NASA’s human resources division. Despite the fact that nearly two months have passed since the agency began investigating the hack, very little information was given about the incident.
According to the memo, NASA is working with federal investigators to determine the extent of the breach and who might be responsible. It said that servers were accessed that contained the personal information of employees that worked at the agency between July 2006 and October 2018. The message was sent to inform employees to take the necessary precautions to prevent possible identity theft. It seems that investigators still haven’t narrowed down the employees who may have been affected, however the agency promised to notify individuals as that information becomes available.
When contacted for comment by Gizmodo, a NASA spokesperson could not say exactly how many employees’ information was potentially exposed, but they did confirm that the agency “does not believe that any agency missions were jeopardized by the intrusions.”
It’s unknown who’s behind the breach or what their motivation might be, but it comes at a time when the U.S. government is on high alert regarding government-sponsored cyber-espionage. Authorities reportedly believe the recent hack of Marriott hotels’ booking system, which exposed the information of 500 million guests, was an information gathering mission perpetrated by the Chinese government. The operation is believed to be connected to a larger campaign that breached the records of the U.S. Office of Personnel Management in 2014. Chinese intelligence operatives are said to find the information useful for rooting out spies, tracking government officials’ movements, and identifying future targets.
Whether NASA employees find themselves being tracked by foreign spies or just paying a $300 fraudulent sneaker bill, there’s nothing good about this. “The agency is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure the latest security practices are followed throughout the agency,” NASA’s spokesperson told us.