backtop


Print 14 comment(s) - last by Trisped.. on Mar 22 at 1:46 PM

NASA KSC has local law enforcement as well as NASA authorities on the case to see who is behind the breach

NASA had yet another laptop stolen earlier this month, which contained sensitive information on NASA KSC employees such as name, date of birth and social security number.

On March 16, NASA KSC Human Resources sent out an internal email to all employees alerting them that another breach had occurred. The email notes that a NASA laptop computer, which contains Personally Identifiable Information (PII), was stolen from a NASA KSC employee on March 5.

NASA KSC said that the sensitive information on NASA KSC employees released were name, race, national origin, gender, email, date of birth, social security number, contact phone number, college affiliation and grade point average.

NASA KSC has local law enforcement as well as NASA authorities on the case. Recovery services like identity, cyber and credit monitoring will also be made available to NASA KSC employees.

The following is the internal email sent to NASA employees last Friday:

From: KSC-Human-Resources
Sent: Friday, March 16, 2012 5:00 PM
To: KSC-DL-ExchangeWorld-(NASA)
Subject: NASA KSC Laptop Theft

You are receiving this communication to make you aware of a situation involving a potential compromise of Personally Identifiable Information (PII). All affected individuals will receive a subsequent communication through the U.S. mail at their home address. On March 5, 2012, a NASA laptop computer containing sensitive Personally Identifiable Information (PII) was stolen from a NASA KSC employee. We have verified that personal information was contained in the files that were on this laptop at the time it was stolen.

The files included information on NASA KSC employees such as name, social security number, race, national origin, gender, contact phone number, e-mail, date of birth, college affiliation, and grade point average.

Local and NASA law enforcement authorities are now conducting inquiries into the theft and the resulting potential for compromise of sensitive information.

NASA takes this loss very seriously and has convened a Breach Response Team to address this situation.

The team also is reviewing current policies and practices to determine what steps must be taken and what changes must be made to preclude a similar occurrence in the future. We do not believe that the PII contained in the files on the laptop computer was the motive for the theft. In addition, because the laptop computer was password protected, we also believe the probability is low that the information will be acquired and used for an unlawful purpose. At this time, there is no evidence to suggest that there has been any attempt to misuse any of your personal information.

However, we cannot say with certainty that PII is safe, so KSC has arranged with a company called Idexperts to provide affected individuals with cyber, identity, and credit monitoring and recovery services to help protect their identity, without cost, for a period of one year from the time of registration.

Next week a letter including a unique fraud monitoring enrollment code assigned by Idexperts will be mailed to affected individuals at their home address. This unique code will allow those affected to enroll with Idexperts to begin monitoring services (Note: recovery services are retroactive to March 5).

Employees who want to activate the monitoring service prior to letter receipt should send an email request to KSC-DL-Privacy-Manager@mail.nasa.gov from their government email address. We encourage those affected to take advantage of this free service. Additional information on identity theft can be found on the Federal Trade Commission web site: www.ftc.go. The web site also provides other valuable information that can be used now or in the future if problems should develop.

We deeply regret and apologize for any inconvenience and concern this breach may cause you.

Should you have any questions, a dedicated phone line is available for support at (321) 867-8905 between 7:30 am and 4:00 pm (Monday through Friday).

Tracy (Anania) Wetrich
Director of Human Resources
NASA, Kennedy Space Center
Phone: (321) 867-XXXX
Fax: (321) 867-XXXX


At the start of this month, it was discovered that NASA's International Space Station (ISS) control codes were stolen from NASA laptops. As a result, NASA engineers had to terminate certain parts of the station's software.

From April 2009 to April 2011, a total of 48 laptops were stolen from NASA. It was found that only 1 percent of laptops were encrypted, and that NASA's IT department seldom patches its computers.

NASA Inspector General Paul K. Martin said those that hacked NASA's laptops ranged from attention-seeking young adults to "criminal enterprises."

"These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries' objectives," said Martin.

While NASA continues to battle with the incompetency of its IT department, it's also trying to focus on pulling off other endeavors like finding a way for American astronauts to get to the ISS without depending on Russia. After retiring its space shuttle program last year, American astronauts have had to ride on Russian Soyuz rockets to the ISS in order to deliver supplies, which costs about $60 million per seat. NASA currently has a contract with SpaceX, a California-based private commercial space transport company, to develop vehicles for unmanned and manned space missions for America.

Source: Space Ref



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Race?
By CityZen on 3/21/2012 9:53:21 AM , Rating: 2
quote:
the sensitive information on NASA KSC employees released were name, race , national origin, gender, email, date of birth, social security number, contact phone number, college affiliation and grade point average


Race??? I find it somewhat surprising that NASA's Human Resources Dept. would care about employees' race. But I'm neither American nor do I live in the USA, so it may not be as surprising to Americans




RE: Race?
By ShaolinSoccer on 3/21/2012 10:40:50 AM , Rating: 2
In the USA, most government forms ask what your race is.


RE: Race?
By FITCamaro on 3/21/2012 12:22:12 PM , Rating: 2
Well yeah. Don't you know that caring about race is how we prove we don't care about race in the US? How else are we going to prove we're all the same if we don't collect information that infers we're different?


RE: Race?
By geddarkstorm on 3/21/2012 1:45:21 PM , Rating: 2
It's the sort of backwards cognitive dissonance that makes my heard hurt to think about.


RE: Race?
By Trisped on 3/22/2012 1:35:20 PM , Rating: 2
We are not all the same. Some are short then average, some are taller then average, some are fatter then average, some are smarter then average.

We are not all the same, which is why we have personally identifiable information like where we live, our phone number, and photo ids.

Personally I think culture is more important than race, as culture is more likely to affect your actions. I would only use race to help me visually identify someone if I did not have a picture ID.


RE: Race?
By Donovan on 3/21/2012 11:06:21 AM , Rating: 2
They probably don't care per se, but they do need to track the overall statistics for public disclosure. It's common for large employers to track those statistics, though the employee can generally decline to state when asked.

The statistics can be useful in protecting/defending from racial discrimination claims, and could also show if you are eligible for some grant or program that is targeted at underrepresented minorities.


RE: Race?
By FITCamaro on 3/21/2012 12:23:38 PM , Rating: 2
Was nothing that exemplified irony more at my last company than getting two emails in the same day. One touting how we didn't care about what race people are. The other asking for our race so they could make sure we were caring about race in our hiring to satisfy the government.


RE: Race?
By mmatis on 3/22/2012 12:16:03 PM , Rating: 2
NASA management, especially Senior management, is specifically evaluated on how well they do for Affirmative Action. I expect that most other FedGov management has similar requirements in their Performance Plans.


NASA's IT...
By mmatis on 3/21/2012 9:38:20 AM , Rating: 2
has been contracted out for quite some time now. While there are NASA managers who do "insight" into what the contractor is doing, day-to-day operations are ALL done by the contractor and his employees. But then that is largely no different from how NASA management was running the entire manned space program while it was still alive. Why does any government employee need to approve ANY actions by the contractor? Surely the contractor and his employees will tell the government before they screw anything up. And once things DO go south, they can always blame the government for the f**k-up, as has been done here. Nothing to see here, folks! Move along!




RE: NASA's IT...
By gamerk2 on 3/21/2012 9:50:58 AM , Rating: 4
To be fair, this is what you get when you outsource core functions in an attempt to save money.


RE: NASA's IT...
By JediJeb on 3/21/2012 3:06:53 PM , Rating: 2
Sounds like it should be required that the IT department require that the HR department run their laptops as dumb terminals attached to a secure server so that even if a laptop was lost there would be on information of value on them. Anyone working from home in our lab does this, we just remote in to our work computers and run things that way, and our outer offices all work from computers connected to the Citrix server in house, why can NASA or the government as a whole figure out something this simple to safeguard our data.


RE: NASA's IT...
By Strunf on 3/22/2012 8:56:57 AM , Rating: 2
The thing is your system only works if you are connected, it works quite easily if you only use a PC at home, but with the advent of mobile devices people tend to copy work everywhere from their laptops to their smartphones, I wouldn't be too surprised if the number of lost sensitive date increases at the same rate as the use of mobile devices! Mobility comes at a price, companies should keep this in mind if they really care about security.


LOL
By Gondor on 3/21/2012 3:45:52 PM , Rating: 2
The first thing that crossed my mind when reading the post was "how long before Apple's lawyers come knocking over 'abuse' of their troll patent regarding processing of context-sensitive information within a document" (such as telephone numbers) :-) Jason ?




Incompetence
By Trisped on 3/22/2012 1:46:39 PM , Rating: 2
quote:
In addition, because the laptop computer was password protected, we also believe the probability is low that the information will be acquired and used for an unlawful purpose. At this time, there is no evidence to suggest that there has been any attempt to misuse any of your personal information.
A Windows password will not protect data from anyone with physical access to the machine and a little tech know how.




"If a man really wants to make a million dollars, the best way would be to start his own religion." -- Scientology founder L. Ron. Hubbard














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki