NASA ARC Memo: Personally Identifiable Information (PII) Incident


Date: Thursday, June 14, 2007
To: (Recipient list suppressed)
From: Centerwide Announcement
Subject: Personally Identifiable Information (PII) Incident

To: Staff

From: Sylvia S. Longchamps, Chief Information Officer (Acting)

Subject: Personally Identifiable Information (PII) Incident

On Monday, June 11, 2007, a contractor employee accidentally sent an email to 39 recipients at Ames with an attachment containing Personally Identifiable Information (PII) for 426 other Ames contractor employees. The affected employees work for seven organizations under contract to NASA Ames. The companies are: QSS, Tessada, EASI, Eloret, Foothill Community College District, Weigel and Oak Ridge Associated Universities.

The incident was discovered and reported within an hour of the email being sent. The Center immediately initiated an incident response activity to investigate and contain the release of this information. The Ames IT Security Operations Group quickly completed steps to prevent further disclosure, following NASA incident response protocol.

NASA is working with the contractor site management to ensure all the affected employees are notified of the incident and are provided information about how to reduce their risk of identity theft.

We regret that this incident occurred, and I want to reassure you that we are taking all of the appropriate measures to ensure this does not happen again. A more in depth review of the incident will be conducted by an independent organization in consultation with the NASA HSPD-12 Program Manager, NASA Privacy Act Officer, and the NASA Information Assurance Officer.

Any questions about this incident should be directed to Phillip Snyder (mailto:ptsnyder@mail.arc.nasa.gov) or call Phillip Snyder at ext. 4-4592.

Please follow SpaceRef on Twitter and Like us on Facebook.