CAPE CANAVERAL, Florida (Reuters) - NASA was informing employees this week that a laptop computer with personnel information such as social security numbers was stolen from a locked car two weeks ago, potentially putting thousands of workers and contractors at risk.
The laptop, issued to an employee at NASA headquarters in Washington, was password protected but its disk was not fully encrypted, NASA wrote employees in a letter dated Tuesday and distributed this week.
“Information on the laptop could be accessible to unauthorized individuals,” wrote Richard Keegan, the agency’s associate deputy administrator.
The security breach affects thousands of employees and contractors at NASA facilities around the United States.
The agency is investigating the theft. It also has hired ID Experts, a data breach specialist, to follow up with individuals whose information was on the computer.
“Because of the amount of information that must be reviewed and validated, it may take up to 60 days for all individuals impacted by this breach to be identified and contacted,” Keegan said.
NASA Administrator Charlie Bolden banned the removal of unencrypted laptops containing sensitive information from any NASA facility and ordered security software upgrades to be finished by December 21.
The agency also warned employees about storing sensitive data on smart phones and mobile devices.
The agency is offering employees free credit-monitoring services and other support.
The laptop theft is the latest in a string of NASA security breaches over the past few years. In March, a Kennedy Space Center worker’s laptop that contained personal information on about 2,300 employees and students was stolen.
A NASA inspector general report this year determined 48 NASA laptops and mobile computing devices were lost or stolen between April 2009 and April 2011, many containing sensitive data.
Editing by Philip Barbara