NASA plans to implement full disk encryption on laptops after a security breach affected thousands of employees and contractors in the US, according to Infoworld.com.
“Although the laptop was password protected, it did not have whole disk encryption software, which means the information on the laptop could be accessible to unauthorized individuals,” Keegan told employees. “We are thoroughly assessing and investigating the incident, and taking every possible action to mitigate the risk of harm or inconvenience to affected employees.”
The stolen device contained Personally Identifiable Information” (PII) about several NASA employees, contractors and contacts. Victims will receive free credit and identity theft monitoring as well as insurance in case of identity theft.
Keegan also said it may take up to 60 days for all individuals impacted by the breach to be identified and contacted. The data breach marks the second time this year that a NASA laptop containing unencrypted sensitive information was stolen.
The agency was also exposed after Iranian hackers exploited a SSL certificate vulnerability. By using a HTTPS protocol scanner, cyber-criminals gained control over the certificate, exposing classified information, emails and accounts of thousands of NASA researchers.
A NASA subdomain was also hacked in September by â€œGr33nRageâ€, who allegedly managed to log in to the American Jet Propulsion Laboratory. To keep police away, the attacker swore he didnâ€™t download any sensitive data.
The agency reported the loss or theft of 48 mobile computing devices only between April 2009 and April 2011.