The hacking collective Anonymous says it is responsible for a breach of the United States Census Bureau's nonconfidential networks. The group tweeted about the attack on Wednesday and began posting links to troves of data and documents it had obtained.
The data includes usernames and work phone numbers/email addresses for the bureau's 4,200 employees, plus some names and job titles, information about who works in which department, and lists of internal IP addresses. As the Register points out, most of this information was already available online.
The bureau told the Register and Business Insider in a statement:
The US Census Bureau is investigating an IT security incident relating to unauthorized access to non-confidential information on an external system that is not part of the Census Bureau internal network. Access to the external system has been restricted while our IT forensics team investigates.
Security and data stewardship are integral to the Census Bureau mission. We will remain vigilant in continuing to take every necessary precaution to protect all information.
Anonymous says that the hack is in protest of Obama administration trade negotiations related to the Trans-Pacific Partnership, or TPP, and Transatlantic Trade and Investment Partnership, or TTIP. In a story about the negotiations published Friday, the Economist explained:
Gauging the exact benefits of the TPP is tricky, not least because the trade talks are still confidential. Critics have bemoaned the lack of disclosure but conducting negotiations in the open would have been a sure way to undermine them. Governments will have several months to review the final deal before deciding whether to give their assent.
Though the breach isn't as severe as the OPM hack disclosed last month, it evokes familiar feelings and potentially exposes the Census Bureau to more intense and refined phishing attempts. Monzy Merza, a security specialist at the data analysis firm Splunk, said in an email statement, "My real concern is that [the OPM hack] desensitized the public and government officials to smaller but still damaging breaches like the attack on the Census Bureau. ... Organizations need to understand who is accessing their networks, from where, and for how long."
Maybe in August we can try going a whole month without a government hack.