According to a media update released by US Census Bureau, hackers launched a cyber attack on the website database in January 2020 with an intention to access or steal data. However, the IT staff of the government organization took control of the situation and blocked the access and the malicious intentions before any serious incident took place.
The Census Bureau issued an update that the attack took place as hackers tried their best to exploit a Citrix Vulnerability to remotely execute a malicious code. However, they achieved success only to infiltrate one of the computer networks that was used by remote workers to access agency records.
Officials from Census Bureau states that the server that served remote workers was not having the potential to store or handle records related to the population count and had no connection to Decennial Census Network that was useful to record and process information from field workers.
The data breach did not go well with the Office of the Inspector General as it reacted to the published report harshly by criticizing the agency’s failure to protect the data of the US citizens by fixing the vulnerability on time.
A source reporting on the condition of anonymity states that the software and hardware that was being used by the population counting agency were obsolete as it failed to even keep an official count of system logs and was no longer supporting products and services supplied by American Tech vendors.
Note- The flaw was discovered on January 28th, 2020 and is suspected to have occurred on January 11th, 2020, just a month prior to the public disclosure of the Citrix Vulnerability by the National Institute of Standards and Technology (NIST).