Another government data breach: U.S. Census Bureau admits to hack

The U.S. Census Bureau admits that it was attacked and had data exfiltrated from its systems. One expert says this latest government data breach is another example that federal systems are not safe from attack.

The U.S. Census Bureau admitted that it is the latest federal agency to suffer a data breach, but asserted that the data stolen did not include any personally identifiable information (PII) related to censuses and surveys.

Census Bureau Director John H. Thompson said in a blog post that there was an attack detected early last week that targeted the Federal Audit Clearinghouse (FAC). Thompson described the FAC as being "used to collect single audit reporting packages from state and local governments, nonprofit organizations, and Indian tribes expending Federal awards."

Infamous hacker group Anonymous has taken credit for the attack, and said it was in protest against the Transatlantic Trade and Investment Partnership and Trans-Pacific Partnership, which are controversial trade agreements currently being negotiated between the U.S. government and other nations.

Thompson did not give any specific details about the breach, saying only that "the database was compromised through a configuration setting" and that no PII data was taken. Thompson described the data stored on FAC as names, user names, email addresses, organization addresses and phone numbers.

"The hackers acquired the data illegally, but, as I indicated above, the Clearinghouse site does not store any confidential household or business data collected by the Census Bureau," Thompson wrote. "That information remains safe, secure and on an internal network segmented apart from the external site and the affected database. Over the last three days, we have seen no indication that there was any access to internal systems."

According to Thompson, the FAC system was shut down within 90 minutes of when the breach was detected, and will stay down until the investigation has been completed and security can be assured.

While the information stolen in this latest government data breach was not critical, Mark Kuhr, co-founder and CTO at Synack Inc., said the incident is more evidence beyond the OPM breach that the U.S. government is not safe from cyberattacks.

"Government agencies seem to have just as much trouble protecting sensitive data as the largest corporations in the world, as evidenced by the fact that this is the second federal government breach in a matter of months," Kuhr said. "While there is a general notion that government agencies are unilaterally prepared when it comes to protecting against threats, this is fundamentally false. Whether the actor is a foreign government or hacktivist group, the Census Bureau breach is another example of a large organization that struggles to keep up with an ever-evolving adversary."

Join the conversation


Do you believe the US government can ultimately secure its systems?
Without an overhaul to its entire system and a centralized approach to security and deployment of updates and releases... no. Government IT is fractious and there are many legacy systems in use that defy comprehensive security.

Essentially: No. Not a chance.

First, more than a few agencies are not even compliant with Government security standards. Of these, many still have no intention of becoming compliant, preferring to make excuses or rationalizations. This, even in light of all the recent successful hacks. This landscape is not limited to Govt, though. I know of some DoD contractors that are in even worse shape!

Second, Govt operates in 'rice bowl' mode. Each org has its own, which it very vigorously protects from tampering by the other agencies. The whole "this is MINE!" mentality. In this world, it is not even on the radar if they are hacked, as long as some other agency can't TAKE any of their 'rice'. Losing it or spilling it, or giving it away is fine as long as the dept of XXX doesn't get any!

There is no difference between the e-Gov systems in USA, Germany or the Czech Republic. Personal data and other documents are interesting everywhere. ICT security is a big problem.

From JFK speech in 1962 proved by scientists, engineers and workers from the US to design and create the machine into the journey to the Moon and back.
8 years was enough to resolve the many new challenges of the physics, chemistry, work organization and the organization of very large projects.
Creating software is purely a work of man. No problem with cosmic rays, gravity, etc.
In the ICT environment, the situation in the last 10 to 15 years is still just as bad or is getting worse.

It is time for a change. Example - the three laws of ICT security -
I can with certainty declare that most if not all US Government systems are not secured. These types of breaches will continue based on the disparity of systems and lack of security controls across systems, agencies and departments.
It's only a matter of time. Once they find a flaw that grants them access, they will try it with other agencies. The government tends to keep things "status quo" and is most likely using the same security methods.