U.S. Census Bureau Gets Hacked, Takes Fast Action to Correct Issue
NEWS ANALYSIS: The U.S. Census Bureau is the latest government agency to fall victim to a hack, this is one caused by an IT misconfiguration.Add the U.S. Census Bureau to the list of U.S. government agencies that have been the victim of an IT security attack in recent months. While the Census Bureau's admission that it was attacked is not a surprise, the details on how the attack was able to happen reveals an IT security vulnerability that is common across many types of technology deployments and industries. Census Bureau Director John H. Thompson publicly confirmed on July 24 that his agency was breached in an incident that exposed non-confidential information from the Federal Audit Clearinghouse that was contained in an external-facing IT system. "It appears the database was compromised through a configuration setting that allowed the attacker to gain access to the four files posted to the hacker's site," Thompson explained in a blog post. Thompson stressed that after several days of auditing there was no indication that any confidential information or access to internal systems was gained by the attackers. Going a step further, within 90 minutes of learning about the breach, the Census Bureau made the impacted system inaccessible.
The Census Bureau attack follows the public disclosure of the massive attack against the U.S. Office of Personnel Management (OPM), which impacted 25.7 million Americans. Unlike the OPM breach, the damage from the Census Bureau breach, it appears, is minimal. Also unlike the OPM breach, the root cause of the Census Bureau attack seems to have been quickly identified as a misconfiguration.