The personal information of over 4,000 banking executives was stolen from a compromised server at the Federal Reserve and then posted online by hackers associated with Anonymous. The breach came soon after a similar attack against the Department of Energy where more personally identifiable information for hundreds of employees was compromised.
The Federal Reserve breach and data dump are said to be a “dox” attack, which refers to a data breach or leak of information for the purpose of embarrassing the target, in this case the U.S. Federal Reserve. Personal information for over 4,600 banking executives was stolen from the U.S. central bank through a temporary vulnerability with a website vendor product. The Federal Reserve has not elaborated much on the details, but has stated that the vulnerability was fixed shortly after discovery and that the “incident did not affect critical operations of the Federal Reserve System.” Data posted on Pastebin by the Anonymous members includes the names, business and personal email addresses, IP addresses, login IDs and salted and hashed passwords for the 4,600 banking executives.
Although the Federal Reserve has corrected the issue and claims the breach did not affect their critical operations, the compromised data could lead to highly targeted spear phishing attacks against the breach victims targeting both personal and business bank accounts. Hundreds of Department of Energy employees and contractors could also be targeted with phishing attacks after a data breach compromised their personal information. With both of these data breaches the size and immediate damage are minimal, but the fact that two major U.S. government agencies recently suffered such attacks is significant. While the amount of data and personal information compromised is small, it can be used for targeted attacks which have proven successful for spreading malware to businesses and government agencies via spear phishing attacks.
For more information: