"On March 5, 2012, a NASA laptop computer containing sensitive Personally Identifiable Information (PII) was stolen from a NASA KSC employee. We have verified that personal information was contained in the files that were on this laptop at the time it was stolen."
"Originally, a limited number of employees and less sensitive personal data were thought to be on the stolen computer. But as part of the investigation and response to the theft, NASA IT, security and human resource personnel confirmed (through backed-up records of the stolen computer stored on protected agency servers) more precisely what information was contained on that laptop, and it was learned on March 14 that many more employees and more sensitive data, including social security numbers, were involved. NASA is sending "letters of notification," first in the email below, to provide faster notification, and then by paper letter by March 19, to affected employees."
"When Wolf mentioned the recent NASA IG report on computer security and the spate of incidents, Bolden said that he was going to sign a directive and that all portable devices would use encryption. He said he should have known better and that it was his fault that this had not been implemented sooner. Bolden said that he had talked to his staff and that when compared to other agencies' IT security, that NASA was "woefully deficient"."