In addition to the standard two forms of identification, offer letter and contact information, new hires at the U.S. Department of Education are required to bring along a certificate of completion for cybersecurity training course. A recent internal investigation shows why that training is probably a pretty good idea. In a previously undisclosed probe into a 2011 “spear phishing” campaign, hackers targeted senior staff and managed to break through the department’s security protections to steal data from the department. Much about the incident, which was described in documents released through a Freedom of Information Act request by Federal Times, remains…