Online hacking group Anonymous is taking responsibility for breaching U.S. Census Bureau databases and posting what looks like personally identifiable information on various federal and state government employees.
In a tweet Wednesday, the collective posted a link to a website that houses four large text documents that appear to include the names, email addresses, work addresses and office phone numbers for thousands of current and former federal employees. One of the documents also appears to list information on employees in a number of different states, as well as information on employees of private accounting and auditing firms across the country.
Another document also seems to show password hashes of database users, along with a library of various Oracle database utilities and files.
In a statement, Census spokesman Michael Cook said the bureau is investigating “unauthorized access to non-confidential information on an external system that is not part of the Census Bureau internal network.” Access to that system has been restricted as part of the bureau’s investigation.
The breach was first reported by the U.K. edition of the International Business Times.
The bureau did not comment on whether they discovered the hack themselves or were alerted by another agency.
Anonymous says their motive behind the attack is discontent with two trade deals the U.S. is involved in: the Transatlantic Trade and Investment Partnership, and the Trans-Pacific Partnership. The latter is the controversial trade deal between the U.S. and several Pacific Rim countries that has been a lightning rod on Capitol Hill the past few months. The TTIP is a companion agreement to the TPP between the U.S and the European Union.
Some of the information posted by Anonymous looks to be publicly available. A Google search of some of the state employees listed in one of the documents turned up information attached to public-facing state-run websites.
It’s unknown how many of the names listed are still employed as listed in the leaked documents. In CyberScoop’s searches, some of the names had no current record of employment. Others had contact information posted on federal agency websites.
The attack comes as Washington is on edge in the aftermath of the OPM hack, which saw the information of 22.1 million current and former federal employees exposed.
“Security and data stewardship are integral to the Census Bureau mission,” Cook told Cyberscoop. “We will remain vigilant in continuing to take every necessary precaution to protect all information.”