As yet, the validity of this claim is unclear, but if true, this is incredibly significant. According to a document posted to Pastebin, hacking group LulzSec has claimed that it has been able to steal what could amount to millions of records from the UK 2011 Census, with a public release coming soon.
The group notes that it has “blissfully obtained records of every single citizen who gave their records to the security-illiterate UK government for the 2011 census”. In a shift away from its normal protocol, LulzSec has not yet mentioned the compromise on its Twitter account, as it would normally.
However, the group did post a tweet, which could relate to its the attack in question:
Our next step is to categorize and format leaked items we acquire and release them in #AntiSec “payloads” on our website and The Pirate Bay.
The Pastebin statement teases readers, suggesting that the group will keep them “under lock and key”, suggesting UK citizens will not have to “worry about [their] privacy” at least until it finishes “re-formatting them for release” – suggesting it will only be a matter of time until records are released publicly.
This release is confirmed when the group says it will embark “upon a trip to ThePirateBay with our beautiful records for your viewing pleasure”, meaning records will be downloadable by anyone with the correct link and a working Bittorrent client.
The information captured is likely to include income levels, employment information, statements on religion as well as names and addresses.
We have contacted the Office of National Statistics who “weren’t aware of the issue” but are now investigating the claims after we alerted them to the issue.
The nature of Pastebin means that this could be a faked document uploaded by anyone, but given LulzSec’s recent activity, there is definitely cause for concern.
Update: The Office of National Statistics confirms it is investigating the claims but says there is no evidence of a security breach:
We are aware of the suggestion that census data has been accessed. We are working with our security advisers and contractors to establish whether there is any substance to this. The 2011 Census places the highest priority on maintaining the security of personal data. At this stage we have noevidence to suggest that any such compromise has occurred.
LulzSec also put an end to rumours that it compromised servers containing the UK 2011 Census by posting an update to its Twitter account, noting the following:
Not sure we claimed to hack the UK census or where that rumour started, but we assume it’s because people are stupider than you and I.