Anonymous hackers hit US Federal Reserve

US Federal Reserve confirms an intranet breach but denies claims that Anonymous hackers accessed the passwords of over 4,000 executives

The US Federal Reserve has confirmed an internal website has been breached, but denies claims that hacktivist group Anonymous accessed a file containing the passwords of more than 4,000 bank executives.

The claim was made via Twitter using an account registered to OpLastResort, which is linked to Anonymous, according to the Guardian.

OpLastResort is a campaign linked to Anonymous, started in protest against the US government’s prosecution of digital activist Aaron Swartz, who killed himself on 11 January.

Hackers identifying themselves as Anonymous breached the US sentencing commission website in January to protest against the government's treatment of Swartz.

However, it does appear that a file containing personal data was breached because the Federal Reserve told Reuters it had contacted affected individuals and warned them about the risks.

The Federal Reserve ascribed the compromise to the exploitation of a "temporary vulnerability in a website vendor product", according to reports.

"Exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve system," the bank said.

The bank declined to identify which website had been hacked, but reports said information provided to bankers indicated an internal site contained contact information for use during natural disasters.

In 2011 Anonymous threatened to take action against the Federal Reserve over its economic policies, but the latest incident is the first time it has claimed success in breaching the agency, according to the BBC.

Finance industry sources said if the core Federal Reserve IT systems had been compromised it would be a huge concern for the financial community, because it provides a lot of sensitive financial disclosures for regulatory reasons to the Federal Reserve.


Read more on Privacy and data protection