50 Breaches In Four Years: Federal Reserve Cybersecurity Incidents By The Numbers

Image courtesy of Adam Fagen

Cyber criminals seem intent on trying to crack open the Federal Reserve, at least according to a recent analysis of records that show the agency was the target of dozens of cyber breaches over a four-year period.

The Federal Reserve, which holds confidential information on discussions about monetary policies that drive global financial markets, unveiled the spate of 50 data breaches between 2011 and 2015 while complying with a Freedom of Information Act request from Reuters.

The heavily redacted reports — which only cover the Fed’s Board of Governors, not the 12 privately owned regional branches covered by the central bank — don’t provide specific information on who hacked the bank’s systems or whether they accessed sensitive information or stole money. However, they do provide a look at the dangers lurking within the computer systems at the Federal Reserve.

The types and success of the data breaches covers a wide array of Federal Reserve business, but Reuters reports that most of the incidents noted in the reports occurred during a time when the Fed was buying massive quantities of U.S. government debt and mortgage-backed securities.

Here’s a look at the Fed reports by the numbers:

140 – Of the 310 reports provided by the Federal Reserve’s Board of Governors, 140 cited hacking attempts on the agency. Reuters reports that many of these incidents were not classified.

From 2011 to 2013, the Fed reported eight information breaches that involved “malicious code” — otherwise known as software used by hackers to gain access to information they shouldn’t have.

4 In 2012, there were four hacking incidents that Fed staff considered to be acts of “espionage.” Two of those incidents included the discourse of information, while the reports did not provide information on the other two incidents.

It’s unclear if these incidents involved foreign governments or entities, Reuters reports.

51 The Fed’s national team of cybersecurity experts identified 51 incidents that involved “information disclosure.”

Reuters reports that these incidents can refer to a number of issues, such as unauthorized people seeing Fed information, or hacking attacks on emails sent to the wrong person.

263 The Fed’s national security team — known as the National Incident Response Team — created 263 of the incident reports provided to Reuters.

NIRT, which operates in the same building where millions of dollars in cash is processed each day, handles “higher impact” cases.

5 A former NIRT employee tells Reuters that in one case, he and other team members worked around the clock for five days straight to fix software hackers had used to gain access to Fed systems.

The employee says security staff found no signs that sensitive information — like passwords — were ever disclosed in the incident.

Reuters reports that this isn’t the first time the Federal Reserve has faced a string of questions related to its cyber security.

In 2015, an audit by the Fed Board’s Office of Inspector General found the agency was not adequately scanning databases for vulnerabilities or putting enough restrictions on system access.

Fed records show dozens of cybersecurity breaches [Reuters]