Hackers access Federal Reserve website, data

February 7, 2013: 8:16 AM ET
federal reserve
The Federal Reserve has acknowledged a data breach.
HONG KONG (CNNMoney)

The Federal Reserve has acknowledged that an outside party gained access to its website and a limited amount of data, raising questions about the central bank's cyber-security measures.

"The Federal Reserve System is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product," a Federal Reserve spokesman said in a statement.

"The exposure was fixed shortly after discovery and is no longer an issue," the spokesman said. "This incident did not affect critical operations of the Federal Reserve System."

The Fed did not say which of its websites had been compromised, or detail the information obtained by intruders.

Related: The Cybercrime Economy

According to Reuters, the Fed notified bankers earlier this week that a contact database designed to facilitate communication between banks during a natural disaster had been compromised.

The notice, sent via the Fed's Emergency Communication System, warned that email addresses, phone numbers and other contact information had been stolen and published.

"Hacktivist" collective Anonymous, which has targeted the U.S. government in the past, claimed responsibility for the attack.

Related: Anonymous in disarray after major crackdown snares leaders

On Twitter, OpLastResort, an account that claims to be affiliated with Anonymous, said Sunday that it had carried out the attack, and posted a link a third-party website where the data could be downloaded.

In the past, Anonymous has taken down several high-profile sites, including those of the Motion Picture Association of America and the Recording Industry Association of America. It has also targeted Amazon.com and the U.S. Department of Justice.

Anonymous often makes its attacks not through hacking, but merely by directing a giant traffic surge to the targeted website. The strategy is called a DDoS attack, short for distributed denial-of-service -- and it's hard for most websites to defend against.

The loose collective, including OpLastResort, has in recent weeks expressed anger over the death of Aaron Swartz.

Related: Activist Aaron Swartz's suicide sparks talk about depression

Swartz, a 26-year-old Internet savant who shaped the online era by co-developing RSS and Reddit and later became a digital activist, committed suicide last month.

In 2011, Swartz was arrested in Boston for alleged computer fraud and illegally obtaining documents from protected computers. He was facing the possibility of a trial and incarceration.

Swartz's family and partner called his death "the product of a criminal justice system rife with intimidation and prosecutorial overreach." And they criticized prosecutors for seeking "an exceptionally harsh array of charges (for) an alleged crime that had no victims."

The U.S. attorney for Massachusetts, Carmen Ortiz, has said that her office acted appropriately in bringing the case.

-- CNN's Scott Spoerry contributed to this report.


Search for Jobs