In an internal memo obtained by Spaceref, NASA's chief human capital officer Bob Gibbs has revealed that the agency suffered a security breach a few months ago. Investigators discovered the breach on October 23rd, and they found that an intruder gained access to a server containing the personal information (including their Social Security numbers) of current and former employees. It's not entirely clear if the data itself was compromised, and the agency still doesn't know the full scope of breach, but Gibbs wrote that "NASA does not believe that any Agency missions were jeopardized by the cyber incidents."
NASA suffered multiple major data breaches within the past few years, showing that the agency's cybersecurity measures could use work. While it relies on private space companies for launches and other services these days, it's likely still in possession of data detailing proprietary technologies and other sensitive information. NASA is far from the only government agency with cybersecurity issues, though: just recently, auditors found that Pentagon's weapons systems and the US ballistic missile system are cybersecurity nightmares.
"NASA and its Federal cybersecurity partners are continuing to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals. This process will take time. The ongoing investigation is a top agency priority, with senior leadership actively involved," Gibbs wrote. He also said that NASA will contact everyone whose details might have been compromised with more details.