Cyber Incident Victim: National Aeronautics and Space Administration
Date:
Oct 2018
Location:
United States of America
Summary
NASA identified a potential compromise of servers storing personally identifiable information, including Social Security numbers, belonging to current and former employees. Cybersecurity teams secured affected systems upon discovery and initiated an investigation with federal partners to determine data exfiltration scope and impacted individuals, focusing on personnel who underwent employment status changes over a multi-year period. While mission operations were unaffected, the agency prioritized reviewing security practices and committed to notifying those whose information was breached, offering identity protection services where appropriate.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 23, 2018, NASA cybersecurity personnel initiated an investigation into a potential compromise of servers containing personally identifiable information (PII). The agency subsequently determined that one server storing Social Security numbers and other sensitive data of current and former NASA employees might have been breached. Immediate containment measures were implemented to secure the affected servers and safeguard their data upon discovery of the incident. NASA collaborated with federal cybersecurity partners to conduct a thorough examination of the compromised infrastructure, focusing on determining the scope of potential data exfiltration and identifying impacted individuals. The investigation remained ongoing as of December 18, 2018, with senior leadership prioritizing the resolution. NASA confirmed the cyber incidents did not jeopardize any agency missions, though the forensic analysis required significant time to complete due to the complexity of determining data exposure timelines and affected personnel.
The potential breach affected NASA Civil Service employees who underwent onboarding, separation, or inter-center transfers between July 2006 and October 2018. While the December 18 agency-wide notification was distributed to all employees for awareness, NASA planned direct follow-up communications with confirmed affected individuals—both current and former staff—once identification processes concluded. These notifications would include offers of identity protection services and related resources. The Office of the Chief Human Capital Officer, under Assistant Administrator Bob Gibbs, emphasized information security as a top institutional priority and confirmed ongoing efforts to harden all servers. NASA concurrently reviewed its cybersecurity processes and procedures to align with contemporary security standards. Employees were directed to contact the Enterprise Service Desk via phone, web portal, or email for additional inquiries regarding the incident.