Hackers claiming to be affiliated with Anonymous broke into a Census Bureau network and exfiltrated information on users and administrators for a non-confidential bureau database last week.
Information was stolen from Census' Federal Audit Clearinghouse, which maintains and disseminates single audits used to assess whether organizations qualify for federal assistance funding and if they are abiding by all the regulations that accompany that funding.
The hackers pulled down information on thousands of users, including emails, phone numbers, addresses, usernames and password hashes. The data includes information on Census and other federal employees, as well as members of organizations with user accounts for submitting audits to the site.
The four files were then posted on paste sites openly available on the web.
Census Bureau Director John Thompson noted that while the information was taken illegally and is considered a breach of a federal network, the compromised database did not contain any confidential data or personally identifiable information.
"While our IT forensics investigation continues, I want to assure you that at this time every indication is that the breach was limited to this database," Thompson said Friday. "The Clearinghouse site does not store any confidential household or business data collected by the Census Bureau. That information remains safe, secure and on an internal network segmented apart from the external site and the affected database."
Census security officials discovered the breach on July 22, at which point they took the site offline to investigate. The site was still down as of Monday morning.
Early investigations suggest the Clearinghouse was the only database compromised in the intrusion, with no evidence hackers were able to gain access to the Bureau's internal networks, according to Thompson.
"American taxpayers and businesses entrust the U.S. Census Bureau with their information … we do not take this trust lightly and have a good record of keeping confidential information safe," he said. "The IT security office is continuing its investigation and they will further strengthen our security systems based on what they learn."
According to the hackers that posted the files on the paste sites, Anonymous attacked the Census Bureau in protest of the proposed Transatlantic Trade and Investment Partnership between the U.S. and European Union and the Trans-Pacific Partnership with countries from North America and the Pacific Rim.