The U.S. Census Bureau admits that it was attacked and had data exfiltrated from its systems. One expert says this latest government data breach is another example that federal systems are not safe from attack.
The U.S. Census Bureau admitted that it is the latest federal agency to suffer a data breach, but asserted that the data stolen did not include any personally identifiable information (PII) related to censuses and surveys.
Census Bureau Director John H. Thompson said in a blog post that there was an attack detected early last week that targeted the Federal Audit Clearinghouse (FAC). Thompson described the FAC as being “used to collect single audit reporting packages from state and local governments, nonprofit organizations, and Indian tribes expending Federal awards.”
Infamous hacker group Anonymous has taken credit for the attack, and said it was in protest against the Transatlantic Trade and Investment Partnership and Trans-Pacific Partnership, which are controversial trade agreements currently being negotiated between the U.S. government and other nations.
Thompson did not give any specific details about the breach, saying only that “the database was compromised through a configuration setting” and that no PII was taken. Thompson described the data stored on FAC as names, user names, email addresses, organization addresses and phone numbers.
“The hackers acquired the data illegally, but, as I indicated above, the Clearinghouse site does not store any confidential household or business data collected by the Census Bureau,” Thompson wrote. “That information remains safe, secure and on an internal network segmented apart from the external site and the affected database. Over the last three days, we have seen no indication that there was any access to internal systems.”
According to Thompson, the FAC system was shut down within 90 minutes of the breach being detected and will stay down until the investigation has been completed and security can be assured.
While the information stolen in this latest government data breach was not critical, Mark Kuhr, co-founder and CTO at Synack Inc., said the incident is more evidence beyond the OPM breach that the U.S. government is not safe from cyberattacks.
“Government agencies seem to have just as much trouble protecting sensitive data as the largest corporations in the world, as evidenced by the fact that this is the second federal government breach in a matter of months,” Kuhr said. “While there is a general notion that government agencies are unilaterally prepared when it comes to protecting against threats, this is fundamentally false. Whether the actor is a foreign government or hacktivist group, the Census Bureau breach is another example of a large organization that struggles to keep up with an ever-evolving adversary.”