You would think that of all the companies and organizations, NASA – an independent agency, responsible for the civilian space program, as well as aeronautics and aerospace research – would have implemented the highest data protection security measures. However, a data breach occurred, and personal data of agency’s employees were exposed (names, email addresses, their roles on assigned projects, information about current NASA projects and upcoming tasks). This happened due to possible misinterpretation of the definition “all users” when assigning permissions to newly-created dashboards within the web app. Allegedly, system administrator provided the access to “everyone” (human error results around 88% of the reported breaches). This allowed public to see the full list of NASA employees, get to know the categorization of projects and tasks for at least 3 weeks.
Moreover, this is not the only data breach that NASA suffers. Back in October 2018, hackers accessed one of NASA servers which contained personally identifiable information (PII), which housed social security numbers and other sensitive data.
LEARNING TIP: Human error causes 4 out of 5 data breaches (in UK). Lack of training, unclear responsibilities or imprudence, can give rise to error (confidential data emailed to the incorrect recipient, loss or theft of paperwork, data left in an insecure location and others). In order to avoid possible human errors, clear directions should be given to each employee about their responsibilities. Also, training should take a place after adapting new technical or organizational security measure. Employees must be well informed on how to recognize a threat and what to do in case of an accident.
Also, decent technical and operational security measures should be implemented. This should be done in order to protect the data from cyber attacks and other possible threats.