Hackers exploited a credit card-size computer improperly connected to the Jet Propulsion Laboratory’s network to access files undetected for 10 months, according to a report from NASA’s Office of the Inspector General released this week.

Investigators found the La Canada Flintridge-based facility had multiple security weaknesses that reduced “JPL’s ability to prevent, detect, and mitigate attacks targeting its systems and networks, thereby exposing NASA systems and data to exploitation by cyber criminals,” the report states.

JPL, managed by Caltech, is responsible for all of the Mars robotic missions, as well as probes sent to Jupiter, Saturn and beyond.

A spokesperson for JPL referred questions to the Inspector General’s Office.

According to the report, the hackers used a tiny computer called a Raspberry Pi, and a compromised external user account, to log in to JPL’s mission network. They stole 500 megabytes of data across 23 files, including two that contained restricted information related to the Curiosity rover’s mission.

The hack was discovered in April 2018, nearly a year later.

As a result, NASA questioned the integrity of data from the Deep Space Network and temporarily disconnected several space flight-related systems from the JPL network, the report states. NASA’s Johnson Space Center had still not restored its use of certain data as of March 2019 because of continued concerns about its reliability.

The hack revealed JPL did not properly segregate its network. External users and partners, including foreign space agencies and contractors, were not limited to the approved systems and applications, and could access a variety of exploration and human space flight mission data.

This is the latest in a series of cyberattacks that have bypassed JPL’s security over the years.

Chinese-based addresses stole 22 gigabytes of data in 2009 attacks and another 87 gigabytes in 2011, according to the report.

Hackers broke into the NASA facility’s network in 2014, 2016 and 2017 through various security failures, according to the report.

The inspector general criticized NASA’s contract with Caltech for not providing the agency with proper oversight of JPL’s network security. The facility’s inability to protect against cyberattacks places NASA’s status as a global leader in space exploration at risk, the report states.

“Improvements to JPL’s security controls and increased oversight by NASA is crucial to ensuring the confidentiality, integrity and availability of agency data,” the report states.

The Office of the Inspector General made 10 recommendations for improvements to security at JPL and NASA agreed with nine. All of the fixes are expected to be completed over the next year.