We know what it’s like when a precious piece of tech goes missing: Our hearts palpitate, we have trouble breathing, and we try to keep panic at bay long enough to do an inventory of what exactly we had stored there. Some of us are lucky enough to find/recover the MIA device; others aren’t so lucky. Well, this time the unlucky was joined by none other than NASA itself.
Personal data of staff members was seriously compromised when a laptop was stolen from an employee’s vehicle. The worst part? There was no encryption, just the standard password protection that many hackers worth their salt could infiltrate.
NASA had the unenviable task of informing its employees about the security breach this week:
On Oct. 31, 2012, a NASA laptop and official NASA documents issued to a headquarters employee were stolen from the employee’s locked vehicle. The laptop contained records of sensitive personally identifiable information for a large number of NASA employees, contractors and others. Although the laptop was password protected, it did not have whole disk encryption software, which means the information on the laptop could be accessible to unauthorized individuals. We are thoroughly assessing and investigating the incident and taking every possible action to mitigate the risk of harm or inconvenience to affected employees.
Yikes. And this is the second time this year that a staffer’s laptop was stolen. But all that pales in comparison to what happened a few years before: In 2004, several computers across NASA sites were hacked — among them, terminals in its Jet Propulsion Laboratory in Pasadena, CA.
You’d think IT would have tighter security than this. And indeed, as if to pour salt in the wound, this particular laptop was scheduled to have a security and encryption upgrade. Too bad it didn’t happen before the theft, but NASA says it is putting whole-disk encryption on all of its laptops by Dec. 21.