Internal site hacked, Federal Reserve confirms
Only days after Anonymous claimed it hacked the Federal Reserve to expose the personal information of 4,000 bank executives online, the Fed has admitted that intruders breached one of its internal websites.
A Federal Reserve spokeswoman on Tuesday confirmed with news service Reuters that a temporary vulnerability in a website vendor product was exploited, allowing hackers to access the Fed's data. The bug is now fixed.
The Fed wouldn't say which internal site or application was compromised, but Reuters obtained a copy of a message from the Fed that was sent to its Emergency Communication System (ECS) regarding the matter.
The message said passwords were not compromised in the hack, despite contrary reports, but that mailing addresses, business and mobile phone numbers, business emails and fax numbers from its site were published online.
According to Anonymous, its dump included the personal data of financial institution employees – including CEOs, presidents, CFOs, IT management, loan officers and secretaries. Data alleged to be the first and last names of employees was posted online, along with individuals' addresses, titles, names of their financial institution, email addresses, IP addresses, login IDs and hashed passwords.
On Sunday, Anonymous tweeted about the incident, plainly stating that the data came from the Fed, the country's central bank. The data was posted on the website of the Alabama Criminal Justice Information Center (ACJIC), a clearinghouse of criminal records and statistics for the state. The page on ACJIC's site has since been removed.
“Now we have your attention America,” the Sunday tweet from Anonymous read. “Anonymous's Super Bowl commercial, 4k banker dox via the Fed.”