A civil servant with the Kennedy Space Center’s human resources office reported on March 5, that an agency laptop computer was stolen from the employee’s personal vehicle outside the employee’s home in Orange County.
Officials said the laptop contained personal information. An email about the incident was sent to about 2,300 affected employees and student co-ops at KSC Friday afternoon. They said while the probability is low that KSC’s employees’ personal information will be exploited, NASA is responding to this from a “worst case scenario” perspective to help prevent any personal or financial harm from coming to the employees whose information was in the stolen laptop.
NASA said it is providing each affected employee with one year’s worth of free cyber, identity, and credit monitoring and recovery services. Originally, a limited number of employees and less sensitive personal data were thought to be on the stolen computer. But as part of the investigation and response to the theft, NASA IT, security and human resource personnel confirmed (through backed-up records of the stolen computer stored on protected agency servers) more precisely what information was contained on that laptop, and it was learned on March 14 that many more employees and more sensitive data, including social security numbers, were involved.
Officials said additional steps will be taken to help protect sensitive data, such as a full review of current IT security policies and practices with the goal of making changes to prevent a similar incident. Besides the current password protection, all laptop computers at KSC, not just ones with sensitive data, will have their hard drives encrypted by September 2012. They said the plan was in works before the laptop was stolen.