Jira Visibility Controls allows for Breach of PII at NASA
Who: NASA
What was affected: Employee usernames, names, email addresses, and project names.
When it happened: September 2018
How it happened: The reason for the leak was Jira’s visibility controls, which a NASA system admin appears to have mixed up.
Outcome: NASA and US-CERT were notified of the leak on September 3. However, the leaky Jira instance was only fixed on September 25, more than three weeks later.