THE US NATIONAL AERONAUTICS AND SPACE ADMINISTRATION – or NASA to most people – has sent out an internal memo warning staff than an unknown intruder has infiltrated its systems. But far from being the start of some science-fiction thriller, this appears to be a common or garden hacker, more interested in social security numbers than eating brains and taking over the galaxy.
The internal memo will be an unwelcome message for staff heading home for Christmas, and even more upsetting when they see the dates mentioned. It seems NASA has been sat on this data breach for some time, revealing that it began its investigation on 23 October.
Unlike in the EU with GDPR, there’s no obligation for hacks to be revealed within 72 hours, but two months is still an unusually long period of time, indicating that US law enforcement may have wanted to get a look before the news became public.
Indeed, the space agency confirmed that it was working with “its Federal cybersecurity partners” in examining “the scope of the potential data exfiltration and identify potentially affected individuals.”
There are already some clues though. NASA confirmed that one possibly-compromised server contained Social Security numbers and “other PII data of current and former NASA employees”. NASA isn’t sure which employees are impacted, but it could be a lot, and the space agency has sent the memo out to anyone who worked with them between July 2006 and October 2018. Given NASA currently employs over 17,000 people, the hacker could have made off with quite a data haul.
You may be getting a sense of deja vu reading this story, which is unsurprising given the space agency suffered similar hacks in 2012 and 2016. You’d hope that NASA would have upped its cybersecurity defences since then, but as a recent report on the security of actual ballistic missiles showed, sometimes expectations fall far short of the reality. µ
Source : Inquirer