A recent NASA breach involving a stolen laptop has the government agency's data security teams on high alert. According to Datamation, all employees will now be required to have their laptops fully encrypted, as the agency said in a memo that the stolen laptop contained unencrypted employee personal information. The memo also said employees need to be particularly careful about screening any unsolicited or mysterious communications that may be looking to phish information from the agency.
InformationWeek is reporting that in addition to having the full-disk encryption on employee computers, security consultants have been recruited to identify and notify employees who have been affected by the breach, especially those who may be at an elevated risk for credit or identity theft.
"All employees should be aware of any phone calls, emails, and other communications from individuals claiming to be from NASA or other official sources that ask for personal information or verification of it," the internal memo said, according to SpaceREf. "NASA and [its security consultants] will not be contacting employees to ask for or confirm personal information. If you receive such a communication, please do not provide any personal information."
According to the memo, the laptop contained documents that were issued to an employee from headquarters. The computer allegedly was stolen from a locked vehicle. There were records with personal identifiable information of a large number of employees at NASA, contractors and other employees, the memo said. There was password protection on the laptop, but nothing was encrypted, leaving much of this sensitive information vulnerable to unauthorized viewing.
Not a first for NASA
A report from PC Magazine said this wasn't the first time that NASA has lost sensitive information via a laptop, so the move to full encryption isn't a huge shock for anyone. Inspector General Paul Martin informed a Congress committee that an unencrypted laptop was stolen in March 2011, which contained codes to control the International Space Station. With so much of this information easily accessible by thieves due to the unencrypted nature of the laptops, it's surprising that NASA hasn't brought in a higher level of data security until now, but the full encryption should help keep things a bit more safe around the space agency.
Data Security News from SimplySecurity.com by Trend Micro.