Federal Reserve Breach Leads RoundupBankers' Credentials Compromised
In this week's breach roundup, the hacktivist group Anonymous claims it compromised credentials for about 4,000 bankers by hacking the U.S. Federal Reserve. The U.S. Department of Energy also reports a breach that exposed employee and contractor information.
Federal Reserve Hit by Anonymous
The hacktivist group Anonymous on Super Bowl Sunday claimed it had compromised 4,000 bankers' credentials from the Federal Reserve System, according to news media reports.
"The Federal Reserve System is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product," according to an official statement from the Fed. "The exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve System."
The hackers claimed they were able to breach a computer system that the Federal Reserve used to communicate with bankers in emergencies, such as natural disasters and potential acts of terrorism.
Federal officials told ABC News that user data for the Emergency Communications System was compromised, but that financial and monetary policy information was unaffected.
The FBI has opened an investigation into the incident.
Energy Department HQ Computers Hacked
The U.S. Department of Energy confirms that hackers penetrated its headquarter's computer network in mid-January, and the personally identifiable information of several hundred department employees and contractors was exposed.
DoE officials remained mute about the incident until a Feb. 1 memo sent to employees and contractors describing the breach was leaked this week.
In a statement, DoE says the department's cybersecurity team, the Office of Health, Safety and Security and the Inspector General's office are working with federal law enforcement to promptly gather detailed information on the nature and scope of the incident and assess the potential impacts to DoE staff and contractors. Based on the findings of this investigation, the statement says, no classified data was compromised.
Media Websites Targeted
The websites of Twitter, the New York Times, the Washington Post and the Wall Street Journal have recently fallen victim to cyberattacks.
Circumstantial evidence that the Chinese government and military are behind many of these cyberattacks seems highly credible, according to a paper issued by Mandiant (see: How the Dots Connect Hacks to Chinese).
Twitter detected unusual access patterns that led to it identifying unauthorized access attempts to the social network's user data, Bob Lord, twitter manager of network security and infrastructure, wrote in a Feb. 1 blog. Twitter said it discovered one live attack and shut it down almost immediately. But its investigation indicated that the attackers may have had access to limited user information - usernames, e-mail addresses, session tokens and encrypted/salted versions of passwords - for 250,000 users.
"As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts," Lord said.
Lord wrote that the attack was neither the work of amateurs, nor an isolated incident. "The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked," he said. "For that reason, we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users."
On Feb. 1, a Washington Post article said the Post website had been victimized by a sophisticated cyberattack targeted in an operation that resembled intrusions against The New York Times and Wall Street Journal and that company officials suspect was the work of Chinese hackers.
The New York Times on Jan. 30 published a story explaining that for the past four months, its computer systems have been systematically hacked, accusing the Chinese government of being behind it (see: N.Y. Times' Transparent Hack Response).
Retail Breach Tied to Global Fraud
The compromise of hundreds of payment cards, apparently tied to fraud worldwide, has been linked to a network hack affecting Arizona-based supermarket chain Bashas' Family of Stores.
An executive with a card-issuing institution that serves the West Coast, who asked not to be named, says fraudulent transactions linked to the Bashas' breach have shown up in international markets. "From what we are seeing, this is a corporate breach that is very active with fraud occurring worldwide," the executive says.
On Feb. 5, Bashas' confirmed a breach of its corporate network, which likely exposed debit and credit card numbers used at one or more of Bashas' 130 locations in Arizona, which include Bashas' supermarkets, AJ's and Food City.
"We were recently the victim of a cyberattack by highly sophisticated criminals who gained access to parts of our systems to capture payment information," the company revealed in its Feb. 5 breach statement. "Bashas' is and has been compliant with all Payment Card Industry (PCI) security requirements. However, we recently located and removed a highly sophisticated piece of malware that has never been seen before in the industry.
"The malware has been identified and contained, and we are working with forensic specialists and federal law enforcement officials in their investigation to find those responsible," the company states.
Wisconsin Clinic Reports Breach
The River Falls Medical Clinic in Wisconsin is notifying about 2,400 patients of a breach of personal information.
Officials at the clinic reported unspecified stolen equipment to the River Falls Police in summer 2012. Upon investigating the incident, police found the stolen equipment, as well as paper documents containing patient information, at the home of a suspect, who was employed by an outside cleaning service that worked for the clinic, according to the River Falls Journal.
The suspect has been charged with two felonies for stealing property and faces other unrelated charges.
The suspect allegedly took paper documents from medical clinic bins that stored documents intended to be shredded. The compromised information in the documents included patients' name, date of birth, certain account/billing account information such as diagnosis codes, scheduling information, insurance information, account numbers and medical chart numbers, the newspaper reported.
Some documents contained patient Social Security numbers, home addresses and phone numbers. All the records have been returned to the clinic.
Affected individuals will receive free credit monitoring services for a year.