From: NASA HQ
Posted: Friday, April 12, 2013
Subject: Breach of Personally Identifiable Information (PII) Update.
From: HQ-NASA INC
Date: April 12, 2013
AGENCYWIDE MESSAGE TO ALL NASA EMPLOYEES:
Point of Contact: Marion Meissner, NASA Headquarters, HQ-Privacy@mail.nasa.gov
Breach of Personally Identifiable Information (PII) Update.
The purpose of this message is to provide an update on the status of the breach of Personally Identifiable Information (PII) that occurred on October 31, 2012. NASA has completed the data analysis of the backup data of the stolen laptop and has compiled the final list of approximately 41,000 individuals whose PII was identified. Notifications to these individuals have been mailed to their home addresses.
If you did not receive a notification letter but want to know for sure whether you have been affected by this incident, or if you received a letter and want to know specifically what PII of yours was on the laptop, you can email HQ-Privacy@mail.nasa.gov and you will receive a response from the HQ Privacy Breach Response Team.
As of now, there is no indication that any of the PII on the laptop has been used for fraudulent purposes as a result of this incident. However, we encourage anyone who receives a letter to take advantage of the services NASA is offering through ID Experts. The deadline to enroll in these services has been extended to May 31, 2013. Additionally, if you have registered with ID Experts and have experienced any suspicious activity, be sure to report it to ID Experts so they can help resolve it.
All required NASA laptops have received the whole-disk encryption software. In order to prevent future data breaches, please be aware that, in addition to activating the encryption software when removing your laptop from a NASA facility, all sensitive files should be individually encrypted. Furthermore, sensitive information sent via email should always be encrypted using Entrust PKI. You also are reminded that, per Office of Management and Budget policy, when sensitive data is no longer required for use, it must be erased or destroyed within 90 days.
If you have any questions regarding the incident, please contact the NASA Headquarters Center IT Security Officer, Ms. Marion Meissner, at firstname.lastname@example.org or 202-358-0585. In addition, frequently asked questions regarding the incident are posted on the NASA Shared Services Center website at https://answers.nssc.nasa.gov/app/answers/detail/a_id/6270 .
A consolidated resource for Privacy Program policy and procedural resources can be found at: http://privacy.nasa.gov.
// end //