The agency said that no NASA notebook can leave NASA facilities unless full disk encryption is enabled or the files that contain sensitive information are individually encrypted.
NASA has initiated a program to encrypt all notebooks until November 21. Computers without whole disk encryption cannot be taken off NASA premises anymore. Teleworkers are advised to use loaner notebooks instead of NASA devices.
While NASA has not provided details about the theft, it apparently has been an event that is affecting a significant number of people. The laptop, which was stolen from an employee's locked vehicle apparently contained "records of sensitive personally identifiable information (PII) for a large number of NASA employees, contractors, and others."
An email sent to NASA employees stated that the computer was password-protected, but did not have whole disk encryption, which indicates that the data "could be accessible to unauthorized individuals."