Skip Header

Update on the Census Bureau’s IT Security Incident

Fri Jul 24 2015
John H. Thompson
Component ID: #ti1177656753

Earlier this week, the Census Bureau experienced an attack to gain access to the Federal Audit Clearinghouse, which is housed on an externally facing IT system that contains non-confidential information, such as names of the person submitting the information, organization addresses and phone numbers, site user names, etc.  While our IT forensics investigation continues, I want to assure you that at this time every indication is that the breach was limited to this database, and that it did not include personally identifiable information provided by people responding to our censuses and surveys.

Component ID: #ti1397061133

It appears the database was compromised through a configuration setting that allowed the attacker to gain access to the four files posted to the hacker’s site.  The hackers acquired the data illegally, but as I indicated above, the Clearinghouse site does not store any confidential household or business data collected by the Census Bureau.  That information remains safe, secure and on an internal network segmented apart from the external site and the affected database.  Over the last three days, we have seen no indication that there was any access to internal systems.

Component ID: #ti1749011842

The Federal Audit Clearinghouse is used to collect single audit reporting packages from state and local governments, non-profit organizations, and Indian tribes expending Federal awards.  The federal awarding agencies use the single audit reports to ensure program compliance.  We were in the process of making additional Clearinghouse information available via the Internet next year.  Within 90 minutes of learning of the breach, we made the system inaccessible.  It will remain offline until we can complete our thorough investigation and take steps to ensure the systems integrity in the future.

Component ID: #ti1749011841

However, in light of this breach, we are increasing our efforts to ensure the security of our site.

Component ID: #ti1749011840

We continuously scan our systems to look for vulnerabilities.  The Census Bureau follows every possible precaution and uses the latest IT security standards to make sure our systems remain secure.  In addition, the Department of Homeland Security also runs scans regularly.

Component ID: #ti1749011839

Through our surveys and censuses, American taxpayers and businesses entrust the U.S. Census Bureau with their information to produce statistics about our population and economy. The information we collect helps the nation make informed decisions, from transportation projects to social services to businesses and job creation.  As you know, we do not take this trust lightly and have a good record of keeping confidential information safe.

Component ID: #ti1749011838

The IT security office is continuing its investigation, and they will further strengthen our security systems based on what they learn.  I assure you that we will continue to safeguard the information and data of both the public and our employees.  Your trust is paramount to our mission.

Component ID: #ti1749011837

Updated information (Last updated 12/15/15):

Component ID: #ti1749011836

The following survey sites are back online with resumed data collection activities:

Component ID: #ti1749011835

  • Federal Audit Clearinghouse
    • Due dates between 7/22/2015 – 1/31/2016 are extended to 2/01/2016
    • To access the Federal Audit Clearinghouse, visit:
    • Contact: 1-800-253-0696 /
  • Survey of Sexual Victimization
    • To access the 2014 SSV, visit:
    • Contact: 1-800-253-2078 /
  • Annual Survey of State Government Finances
    • Contact: 301-763-1503 /State Finance and Tax Statistics Branch/ with questions
    • Contact: 301-763-5635 / for details on submitting your data through a secure FTP site

Component ID: #ti1749011834

The data collection period has ended for the following survey site, which is no longer available online:

Component ID: #ti1749011833

Component ID: #ti1615207825

Please see our statement for more information:

Component ID: #ti1615207827

Census Bureau Statement on IT Security Incident

July 22, 2015 – The U.S. Census Bureau is investigating an IT security incident relating to unauthorized access to non-confidential information on an external system that is not part of the Census Bureau internal network.  Access to the external system has been restricted while our IT forensics team investigates.

Component ID: #ti1615207828

Security and data stewardship are integral to the Census Bureau mission.  We will remain vigilant in continuing to take every necessary precaution to protect all information.

Component ID: #ti1615207829

If you have any questions or concerns about how the Census Bureau protects your data, I encourage you to contact our Respondent Advocates, Dave Waddington and Nishea Quash, at Dave and Nishea can explain the many policies and procedures that the Census Bureau uses to ensure America’s data is safe and secure.

  Is this page helpful?
Thumbs Up Image Yes    Thumbs Down Image No
Comments or suggestions?
No, thanks
255 characters remaining
Thank you for your feedback.
Comments or suggestions?
Back to Header