Two days after the group Anonymous boasted it had broken into a government Web site and had the data dump to prove it, the U.S. Federal Reserve admitted it was hacked.
“The Federal Reserve system is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product,” a spokeswoman told Reuters Tuesday. “Exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve system.”
The admission follows a tweet from @OpLastResort that the group had accessed government servers around the time of the Super Bowl and posted private data on more than 4,000 U.S. bank executives. The breach appears to be tied to a internal server that contains contact information for financial institution’s chief executives that the Fed can access during a natural disaster.
Various news sites earlier reported more than contact data was stolen, such as login credentials that included hashed passwords and IP addresses, but an unidentified spokesperson told The Huffington Post the hackers’ claims were “overstated.”
This evening Reuters revealed it had obtained a copy of a message from the Fed to its Emergency Communication System warning that “mailing address, business phone, mobile phone, business email, and fax numbers had been published.
“Some registrants also included optional information consisting of home phone and personal email. Despite claims to the contrary, passwords were not compromised,” the Fed said in the memo.
The theft marks another salvo from hactivists tied to Operation Last Resort, which in January launched a campaign to take on government Web sites after the suicide of Internet activist Aaron Swartz, who was facing prosecution for breaking into M.I.T. servers and posting academic articles from JSTOR without permission.
Last month the U.S. Sentencing Commission Web site was breached in protest of the Swartz case.