Internal site hacked, Federal Reserve confirms

Share this article:

Only days after Anonymous claimed it hacked the Federal Reserve to expose the personal information of 4,000 bank executives online, the Fed has admitted that intruders breached one of its internal websites.

A Federal Reserve spokeswoman on Tuesday confirmed with news service Reuters that a temporary vulnerability in a website vendor product was exploited, allowing hackers to access the Fed's data. The bug is now fixed.

The Fed wouldn't say which internal site or application was compromised, but Reuters obtained a copy of a message from the Fed that was sent to its Emergency Communication System (ECS) regarding the matter.

The message said passwords were not compromised in the hack, despite contrary reports, but that mailing addresses, business and mobile phone numbers, business emails and fax numbers from its site were published online.

According to Anonymous, its dump included the personal data of financial institution employees – including CEOs, presidents, CFOs, IT management, loan officers and secretaries. Data alleged to be the first and last names of employees was posted online, along with individuals' addresses, titles, names of their financial institution, email addresses, IP addresses, login IDs and hashed passwords.

On Sunday, Anonymous tweeted about the incident, plainly stating that the data came from the Fed, the country's central bank. The data was posted on the website of the Alabama Criminal Justice Information Center (ACJIC), a clearinghouse of criminal records and statistics for the state. The page on ACJIC's site has since been removed.

“Now we have your attention America,” the Sunday tweet from Anonymous read. “Anonymous's Super Bowl commercial, 4k banker dox via the Fed.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Florida Supreme Court rules warrants a must for real-time cell location tracking

Florida Supreme Court rules warrants a must for ...

The Florida Supreme Court put the kibosh on warrantless real-time tracking using location data obtained from cell phone providers.

Modular malware for OS X includes backdoor, keylogger components

Modular malware for OS X includes backdoor, keylogger ...

The modular malware was named "Ventir," by researchers at Kaspersky.

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Fake Dropbox login page nabs credentials, is hosted ...

Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.