The U.S. Census Bureau failed to mitigate a known vulnerability that enabled hackers to attack its network in January 2020, new report says.