ESA confirms limited data breach

The European Space Agency (ESA) has confirmed that a data breach occurred, but stated that its impact appears to be limited. According to the agency, only a very small number of science servers were affected, and these systems were located outside ESA’s main corporate network.

Claims about the breach began circulating on 26 December, when a hacker using the alias ‘888’ alleged that more than 200 gigabytes of ESA data had been compromised and put up for sale. The hacker claimed the material included source code, internal project documents, API tokens, and embedded login credentials.

ESA acknowledged the allegations on 29 December and launched a forensic investigation. A day later, the agency stated that its initial findings confirmed unauthorised access but suggested the scope was far smaller than online claims implied.

The affected servers were described as unclassified systems used for collaborative engineering work within the scientific community. ESA said it has already informed relevant stakeholders and taken immediate steps to secure any potentially impacted devices.

The investigation is still ongoing, and ESA has stated that it will provide further updates once the forensic analysis is complete.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!