Once again, a hacker or group of hackers has managed to breach security and access theoretically confidential U.S. government files.
Granted, by modern mass-hacking standards this latest one is pretty minor. Those responsible are believed to be associated with the loose-knit hackers' collective Anonymous (as opposed to, say, the Chinese government, the Russian government, or similarly well-armed non-American state actors).
The hacked personnel files belong to the Census Bureau (rather than the Department of State, the president's own emails and real-time daily schedule, the Office of Personnel Management overseeing the hypersensitive personnel files of every security-clearance holder in the country, or similar bureaus whose data has major national-security value).
The number of Census Bureau personnel whose files were breached appears to be a mere 4,200 (barely a rounding error, compared to the 22 million people whose confidentiality was betrayed in the OPM hack, or the 94+ million Americans whose medical records have been compromised in any of the four major healthcare-related mass hackings discovered thus far since the start of 2015).
As first noted by The Register (UK), via the Cyberguerilla blog, the compromised databases include the usernames, .gov email addresses, and office phone numbers of 4,200 Census Bureau staff. However, one need not be a “hacker” to find such information. Much of it was already available online anyway, and the Census Bureau itself maintains a freely available, online “Census Bureau Staff Search.”
Officials still anti-encryption
From an American national-security perspective, this hacking of minor Census Bureau files was more of an embarrassment than anything else – another reminder (as if you needed any more) that the United States government cannot protect its own data, and yet it doesn't want you protecting yours either.
FBI director James Comey still believes that secure encryption ought to be illegal, on the grounds that if data is encrypted, so that hackers, identity thieves, or hostile governments can't read it without the owners' permission, that means the U.S. government can't read it without the owners' permission either.
Indeed, in early June, less than 24 hours before U.S. government authorities admitted to yet another data-security breach at the Office of Personnel Management, an FBI counterterrorism official told Congress that tech companies should “build technological solutions to prevent encryption above all else,” to ensure the FBI and other government agencies can continue slurping up data without a search warrant or the owners' knowledge.
And if that means hackers can do the same, well, the FBI seems to think it a worthy trade-off.