Anonymous has claimed responsibility for a cyber-attack on the US Census Bureau which resulted in the posting of personal employee data online.
The online collective ‘fessed up in a tweet on Wednesday, with four JustPaste links to the information.
The breached data appears to include email addresses, phone numbers, job titles and names of various employees.
The Census Bureau collects data on each US citizen every decade and, ironically, claims on its website to “honor privacy” and “protect confidentiality.”
A statement from the Bureau sent to The Register had the following:
“The US Census Bureau is investigating an IT security incident relating to unauthorized access to non-confidential information on an external system that is not part of the Census Bureau internal network. Access to the external system has been restricted while our IT forensics team investigates.
Security and data stewardship are integral to the Census Bureau mission. We will remain vigilant in continuing to take every necessary precaution to protect all information.”
The motivation for the attack appears to have been anger at the secretive trade agreements the Trans-Pacific Partnership (TPP) and Transatlantic Trade and Investment Partnership (TTIP), which the Obama administration is currently negotiating.
Although designed to remove trade barriers between the US, Europe and Asian countries, there are fears, as with any such deal, that the agreements could lead to a loss of US sovereignty and jobs.
The hack brings to mind the recent incursion into the Office of Personnel Management (OPM), for which China is the chief suspect.
However, it’s nowhere near as bad as that particular breach, which exposed highly sensitive data on over 22 million current and former government employees and their family members.
Particularly damaging, especially if a nation state was behind the attack, was the capture of data related to background screening checks for those applying for security clearance jobs, including roles in the military and intelligence services.
Such information could be used in follow-up spear-phishing attacks or even to blackmail or recruit spies, it has been suggested.