NASA Hack: U.S. Space Agency Warns Data Potentially Stolen in New Cyber Breach

U.S. space agency NASA has disclosed a potential data breach on undisclosed computer servers that may have exposed the personal details of some employees.

NASA assistant chief Bob Gibbs confirmed in an internal memo sent Tuesday that an investigation into the incident started on October 23.

Read more: Is Hola safe? Free VPN is severe security risk, experts warn

One targeted system was reportedly hosting personally identifiable information (PII) and it is believed social security numbers (SSNs) of staffers may have been compromised.

In the memo, Gibbs wrote: "NASA cybersecurity personnel took immediate action to secure the servers and the data contained within. NASA and its Federal cybersecurity partners are continuing to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals." He warned: "This process will take time."

Officials said the internal memo—which labeled the probe a "top agency priority"—was sent out to all NASA employees this week regardless of whether or not they were impacted.

While the full scope of the potential breach remained unclear at the time of writing, the agency noted it likely involved data from between July 2006 and October 2018. NASA bosses stressed it is not believed that any agency missions were jeopardized by the cyber incidents, plural.

The memo was first published by SpaceRef.

"Even the best and brightest can fall prey to hacking," reacted Craig Young, a computer security researcher for Tripwire, a cybersecurity company based in Portland, Oregon.

The space agency has for years been a lofty target for hackers and cyber-activists.

In 2016, a unit called "Anonsec" claimed to have stolen gigabytes of secretive NASA files. In a lengthy spiel posted online, the collective claimed to have obtained "semi-partial control of a NASA drone." Nasa denied the claims, especially that its drone had been compromised.

Back in 2011, a Texas man was sentenced for hacking into computer networks at a Minnesota business and at NASA. Jeremy Parker, 26, admitted hacking servers that supported access to data being sent to Earth from satellites gathering oceanographic data, the FBI said.

Also in 2011, hackers were reportedly able to gain "full functional control" of NASA computers. U.S. politicians were later told the attack involved Chinese IP addresses, the BBC reported.

In 2005, alleged hacker Gary McKinnon found himself at the center of an extradition battle after he was accused of hacking NASA computers. He said he was looking for UFO evidence.

In 2012, his extradition to the U.S. was blocked by now-Prime Minister Theresa May.

In the wake of the latest incident, Sam Curry, chief security officer at Cybereason, questioned why it took the agency so long to report the suspected incident to the staff.

He said: "It's common for it to take time to gather data, understand what's happening and then take action and begin the healing process. It takes time but only so much time.

"The first priority should be to limit harm and help the victims while also ensuring that the breach is remediated, but after that it's time to go into the more painful mission phase and learn from the results.Countermeasures are important, but we the public want to know that this government agency is learning from the past.

"We want the agency to get better because PII and employee privacy are vital. There are many things at NASA in the national security domain and are of vital importance to the nation."