Who: NASA

What was affected: Employee usernames, names, email addresses, and project names.

When it happened: September 2018

How it happened: The reason for the leak was Jira’s visibility controls, which a NASA system admin appears to have mixed up.

Outcome: NASA and US-CERT were notified of the leak on September 3. However, the leaky Jira instance was only fixed on September 25, more than three weeks later.