NASA orders full-disk encryption after laptop theft

Space agency NASA is tightening IT security after a laptop with large amounts of personally identifiable information on its employees was stolen from a locked car in October.

An email from NASA headquarters, published by SpaceRef, says that while the laptop had password protection, the information stored on it was not encrypted.

NASA's IT adminstrator Richard Keegan said that his office is "extremely concerned about this incident" and the agency is now taking steps to mitigate the serious data breach, including mandating full-disk encryption of all portable computers.

"The Administrator and the Chief Information Officer (CIO) have directed that, effective immediately, no NASA-issued laptops containing sensitive information can be removed from a NASA facility unless whole disk encryption software is enabled or the sensitive files are individually encrypted," the email stated.

By December 21, all NASA laptops must have full-disk encryption. Those that do not have it will be withdrawn from service, the agency said.

A data breach specialist, ID Experts, will assess the extent of the issue and write to the affected individuals.

NASA also warned that there may be attempts at identity theft in the aftermath of the data breach.

"All employees should be aware of any phone calls, emails, and other communications from individuals claiming to be from NASA or other official sources that ask for personal information or verification of it.

"NASA and ID Experts will not be contacting employees to ask for or confirm personal information. If you receive such a communication, please do not provide any personal information".