Hacked US Census Bureau staff to take anti-phishing classes
What was that about horses, stable doors and bolts?
The US Census Bureau has asked for additional IT security training for its staff – including tips on how not to fall for phishing emails – in the wake of last week's server breach.
The bureau said in a blog post over the weekend that the hackers who managed to pull employee records from its computers did so by targeting the Federal Audit Clearinghouse – which is a service provided by the bureau for the federal government.
"While our IT forensics investigation continues, I want to assure you that at this time every indication is that the breach was limited to this database, and that it did not include personally identifiable information provided by people responding to our censuses and surveys," wrote Census Bureau director John H Thompson.
The bureau has maintained throughout the investigation that the employee records the hackers obtained and leaked online were not confidential, and included basic information such as work email addresses and job roles. Usernames and hashed passwords for various internal database accounts were also dumped online by the Anonymous hackers.
Despite downplaying the severity of the leak, it appears that the US Census Bureau is indeed scrambling to improve security in the wake of the network breach. Among the top priorities is training for its staff members on security best practices.
The listing asks for a contractor to develop and maintain a custom training and support portal for as many as 50,000 bureau employees who would be shown how to spot and handle potential phishing and targeted spear phishing attacks. We wonder why. ®