Federal Reserve confirms hack attack led to data leak
- Published
The US's central bank has confirmed information was stolen from its servers during a hack attack.
The Federal Reserve told the Reuters news agency it had contacted individuals whose personal information had been involved.
It follows the hacktivist collective Anonymous's publication of what it described as the credentials of 4,000 US bank executives.
The Fed did not say whether the two incidents were related.
The Anonymous document contains the names and workplaces of employees at dozens of community banks, credit unions and other lenders, as well as mobile phone numbers and what appear to be computer log-on names and passwords.
However, Reuters reported that the Fed had issued an internal report stating that "passwords were not compromised" and had indicated that the leaked list had been a contact database to be used during natural disasters.
"The Federal Reserve system is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product," a Fed spokeswoman said.
"Exposure was fixed shortly after discovery and is no longer an issue. The incident did not affect critical operations of the Federal Reserve system."
Unanswered questions
Over recent years, computer hackers identifying themselves under the Anonymous umbrella have carried out a series of attacks on US government sites and linked organisations such as the US-based intelligence company Stratfor.
In 2011 Anonymous threatened to take action against the Fed over its economic policies, but the latest incident is the first time it has claimed success at breaching the agency.
However, it would not be the first time the central bank's systems have been compromised. In 2010 a Malaysian man pleaded guilty to adding "malicious code" to the Fed's network via one of its regional banks.
One UK-based expert said the financial industry would want to know more details about the latest incident.
"If the core Federal Reserve systems are compromised it would be massively concerning for the financial community because it provides a lot of sensitive financial disclosures for regulatory reasons to the Fed, and potentially if a third-party got access to all of that information it could open a can of worms within the banking system overall," said Chris Skinner, chairman of the Financial Services Club networking group.
"People will want to know exactly how it was compromised and what information was leaked."
Hacking laws
Anonymous has linked its alleged attack to wider protests following the suicide of internet freedom campaigner Aaron Swartz.
The 26-year-old had been accused of illegally downloading academic documents from the Massachusetts Institute of Technology (MIT)'s network.
He had been charged with computer intrusion, fraud and data theft, and if found guilty could have faced up to 35 years in prison.
Anonymous and others have called for a change to anti-hacking laws to temper sentences.
MIT has also acknowledged its own systems have suffered a series of hack attacks - the most recent redirected visitors from its site to a page saying "RIP Aaron Swartz".
- Published26 January 2013
- Published24 January 2013
- Published14 January 2013