Stolen NASA laptop contained unencrypted staff information

Tools

A laptop containing a large amount of sensitive personal information of NASA employees was stolen from an employee's locked car on Oct. 31. According to the National Aeronautics and Space Administration, the laptop contained personally identifiable information of "at least" 10,000 NASA employees and contractors.

According to a NASA spokeswoman, the stolen laptop was scheduled to receive full disk encryption, as part of an ongoing, agency-wide effort. It would appear though that it just hasn't been done yet on that particular device.

For now, the agency has contracted data breach specialist ID Experts to provide identify theft and credit monitoring services at no cost to those affected. In addition, no NASA-issued laptops that contain sensitive information can now be removed from a NASA facility without full disk encryption or individual files being encrypted. The agency says it plans for all laptops to be running full-disk encryption before Christmas--by December 21.

According to InformationWeek, an IT executive spoke about user resistance to the recent implementation of data-at-rest encryption on PCs. The complaint was that the encryption tool interfered with some of the tools, likely due to the additional step required to decrypt protected archives.

It is worth noting that full disk encryption doesn't suffer from this problem, though cost may have kept it from being implemented on an agency-wide level. Indeed, we have previously reported on FDE and that because it is insufficiently robust, it is stymieing the efforts of federal intelligence agencies to access data.

For more:
- check out this notice at NASA HQ
- check out this article at NYT Blogs
- check out this article at InformationWeek

Related Articles:
Intelligence agencies stymied by full disk encryption
Seagate introduces full disk encryption laptop drives