Jira Visibility Controls allows for Breach of PII at NASA

2019, Breaches, January


What was affected: Employee usernames, names, email addresses, and project names.

When it happened: September 2018

How it happened: The reason for the leak was Jira’s visibility controls, which a NASA system admin appears to have mixed up.

Outcome: NASA and US-CERT were notified of the leak on September 3. However, the leaky Jira instance was only fixed on September 25, more than three weeks later.