“The Federal Reserve system is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product,” a spokeswoman for the US central bank said.
“Exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve system,” the spokeswoman said, adding that all individuals affected by the breach had been contacted.
The admission follows a claim that hackers linked to Anonymous struck the bank on Sunday. The technology news site ZDNet separately reported that Anonymous appeared to have published information said to containing the login information, credentials, internet protocol addresses and contact information of more than 4,000 US bankers.
The claim was made via Twitter using an account registered to OpLastResort, which is linked to Anonymous, which has claimed responsibility for attacks on other government and corporate sites.
OpLastResort is a campaign some hackers linked to Anonymous have started to protest against government prosecution of the computer prodigy Aaron Swartz, who killed himself on 11 January.
The bank declined to identify which website had been hacked. But information it provided to bankers indicated that the site, which was not public, was a contact database for banks to use during a natural disaster.
A copy of the message sent by the bank to members of its Emergency Communication System (ECS) and obtained by Reuters warned that mailing address, business phone, mobile phone, business email and fax numbers had been published. “Some registrants also included optional information consisting of home phone and personal email. Despite claims to the contrary, passwords were not compromised,” the bank said.
The website’s purpose is to allow bank executives to update the Fed if their operations have been flooded or otherwise damaged in a storm or other disaster. That helps the bank assess the overall impact of the event on the banking system.
Hackers identifying themselves as Anonymous infiltrated the US sentencing commission website in late January to protest against the government’s treatment of Swartz.
Swartz was charged with using the Massachusetts Institute of Technology’s computer networks to steal more than 4m articles from Jstor, an online archive and journal distribution service. He faced a maximum sentence of 31 years if convicted.