Late last week, officials discovered the Census Bureau’s Federal Audit Clearinghouse site experienced a data breach and was hacked. Details of the hack are shared below in an article from The Federal Times. The news of another hack is concerning, but by no means a shock. The biggest news in this recent release is that the site was taken down over a week ago and is still not up. I can’t imagine that the Census Bureau had a Recovery Time Objective of 1 week and counting in their Disaster Recovery Plan? If this were your business, the money lost in downtime costs in the event of this disaster could jeopardize your future…
Hackers claiming to be affiliated with Anonymous broke into a Census Bureau network and exfiltrated information on users and administrators for a non-confidential bureau database last week. Information was stolen from Census’ Federal Audit Clearinghouse, which maintains and disseminates single audits used to assess whether organizations qualify for federal assistance funding and if they are abiding by all the regulations that accompany that funding.
The hackers pulled down information on thousands of users, including emails, phone numbers, addresses, usernames and password hashes. The data includes information on Census and other federal employees, as well as members of organizations with user accounts for submitting audits to the site.
The four files were then posted on paste sites openly available on the web.
Census Bureau Director John Thompson noted that while the information was taken illegally and is considered a breach of a federal network, the compromised database did not contain any confidential data or personally identifiable information.