US Census Bureau says breach didn't expose household data
- 27 July, 2015 10:41
U.S. Census Bureau headquarters
The U.S. Census Bureau said a data breach early last week did not expose survey data it collects on households and businesses.
The leak came from a database belonging to the Federal Audit Clearinghouse, which collects audit reports from government agencies and other organizations spending federal grants, wrote John H. Thompson, the Census Bureau's director, on Friday.
The exposed information included the names of people who submitted information, addresses, phone numbers, user names and other data, he wrote.
A group calling itself Anonymous Operations posted a link on Twitter leading to four files. The cyberattack was allegedly in protest of the Trans-Pacific Partnership and the Transatlantic Trade and Investment Partnership, two pending trade agreements that have been widely criticized.
Thompson wrote the attackers gained access through a configuration setting. The database was on an external IT system that is separated from an internal system that stores census data, he wrote.
"Over the last three days, we have seen no indication that there was any access to internal systems," Thompson wrote.
The agency continues to investigate the breach while also scanning for vulnerabilities. The system will remain offline.
The Census Bureau breach comes as the U.S. government has suffered several attacks against its infrastructure in recent months.
The U.S. Office of Personnel Management (OPM) has said the personal details of 21.5 million people who underwent background security checks for government jobs were compromised, along with 1.1 million fingerprints. The attackers are suspected to be in China, although the U.S. government has held off officially blaming the country.
Last year, suspected Russian hackers also breached non-classified email systems at the White House and State Department, underscoring the difficulty the government is having securing its networks.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk