Earlier this year, NASA reported 48 laptop thefts between 2009 and 2011, citing a need for increased security and encryption of its devices. Now, little more than six months later, the agency is reporting another laptop being stolen and is warning its employees of the potential breach.
SpaceRef.com reported that NASA alerting its employees with this message (emphasis added) :
On Oct. 31, 2012, a NASA laptop and official NASA documents issued to a headquarters employee were stolen from the employee’s locked vehicle. The laptop contained records of sensitive personally identifiable information for a large number of NASA employees, contractors and others. Although the laptop was password protected, it did not have whole disk encryption software, which means the information on the laptop could be accessible to unauthorized individuals. We are thoroughly assessing and investigating the incident and taking every possible action to mitigate the risk of harm or inconvenience to affected employees.
Employees and contractors for the agency were told to be wary of communications coming from people claiming to be with NASA trying to confirm personal information. NASA stated that although it has experts investigating the breach, they will not be asking employees for personal information.
Letters will be sent to individuals who might be impacted by the breach. The specialists brought in by the agency will provide services to those affected.
The notice posted on Spaceref, which was from Associate Deputy Administrator Richard Keegan Jr., stated that the administrator is concerned that yet another laptop has been stolen. Effective immediately, the IT department has been directed that "no NASA-issued laptops containing sensitive information can be removed from a NASA facility unless whole disk encryption software is enabled or the sensitive files are individually encrypted."
The New York Times reported NASA spokeswoman Beth Dickey saying that this laptop specifically was scheduled for encryption but it hadn't been done yet.
According to Keegan's message, as many laptops should be running whole-disk encryption by Nov. 21, but the entire effort should be complete by Dec. 21. At this point, there shouldn't be a NASA-issued laptop -- regardless of the presence of sensitive information or not -- without this type of software.
"NASA regrets this incident and the inconvenience it has caused for those whose personal information may have been exposed," Keegan wrote.
Featured image via Shutterstock.com.
(H/T: IEEE Spectrum)