A misconfiguration flaw in an internal App JIRA of the US National Aeronautics and Space Administration (NASA) exposed the sensitive internal data including the personal information of some current and former employees.
NASA has sent an internal memo to all employees stating that an unknown intruder has gained access to their servers, in which personal information of employees was stored.
The breach was first discovered on October 23, and since then the agency is working with them to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals.”
According to the report, the exact number of people affected by this breach is not known. However, the agency has taken all the preventive action to further control the damage.
“Those NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between Centers, from July 2006 to October 2018, may have been affected,” Bob Gibbs, NASA Assistant Administrator said in the memo.
“Once identified, NASA will provide specific follow-up information to those employees, past and present, whose PII was affected, to include offering identity protection services and related resources, as appropriate,” he said.
Meanwhile, the full investigation of the matter “will take time.”