The internal app called JIRA has been labeled as the cause of a leak in vital employee and project information relating to the National Aeronautics and Space Administration (NASA). It’s been named that a misconfiguration bug in the app that allowed access to this information through the internet.
Settings within JIRA were not correctly set, allowing unauthorized access to the secure information. The bug revolves around a bug reporting error, where staff would submit troubles on projects that they were working on.
Information that was leaked ranges from internal user details for JIRA, around 1000 employee names and mail ids, as well as details on what these employees were working on, potentially revealing what projects that they could have been associated with. It’s not known if any confidential information was released.
Three weeks after being alerted to the flaw, NASA was said to have fixed the bug, again securing the information from the public. Some reports say that an internal memo announced that the breach in information on vital employee information of civil service employees who were associated with NASA from July 2006 to October 2018 may have been affected.