In response to a security breach, NASA is requiring full disk encryption of its laptops. The agency found out in late Oct. that a laptop containing personally identifying information was stolen from an employee's car. The stolen laptop contained information about contractors, NASA employees and others, Network World reported. NASA did not report how many people were affected by the breach, but the breach has been characterized by some as “large.”
"Although the laptop was password protected, it did not have whole disk encryption software, which means the information on the laptop could be accessible to unauthorized individuals," said Richard Keegan Jr., associate deputy administrator at NASA. "We are thoroughly assessing and investigating the incident, and taking every possible action to mitigate the risk of harm or inconvenience to affected employees.”
Another major breach occurred in March 2012 when a laptop containing personal information of agency employees was stolen from a staff member's vehicle parked at the Kennedy Space Center. Names, Social Security numbers, phone numbers, and more were exposed due to the theft. Following these two breaches, CIOs at all NASA facilities have been ordered to complete disk encryption on the "maximum possible number of laptops" by Nov. 21, and add encryption features to all laptops by Dec. 21. Unencrypted laptops will not be permitted off the premises after that date.