JAXA: No Sensitive Data Lost in Computer Breach

Japan’s space agency said March 27 that no classified or sensitive technical data were stolen from an employee computer infected with a virus last summer.

The Japan Aerospace Exploration Agency (JAXA) disclosed in January that an employee’s infected computer had possibly leaked technical specifications and operations information on Japan’s space station cargo ship, the H-2A Transfer Vehicle (HTV), along with email addresses and computer system log-in information.

A JAXA investigation of the security breach, which caused the infected computer to send out information sometime between July 6 and Aug. 11, 2011, found that log-in information, email addresses and other data stored on the computer leaked but these data did not include sensitive HTV specifications or operations-related information.

The employee’s compromised user IDs and passwords were “immediately changed” when the breach was discovered last summer. “We also checked all the accessible systems including the NASA system, and found that no one other than the said employee accessed the system,” JAXA said in a March 27 statement on its investigation results. “Therefore, we concluded that there was no unauthorized access while the computer was infected.”

Meanwhile, a new virus sent to the same employee Jan. 6 reinfected the computer, whose virus protection software had not been kept up to date. “We have already taken countermeasures to prevent this in the future,” JAXA said in the statement. “We take this incident very seriously, and would like to further strengthen our security measures.”