
Cyber Incident Victim: Federal Reserve Bank of St. Louis

Date: Apr 2015

Location: United States of America

Summary

The Federal Reserve Bank of St. Louis experienced a DNS compromise at an external vendor, redirecting users to fraudulent replicas of its research website where attackers could harvest credentials or deploy malware. While the Bank's own systems were not breached, individuals accessing the affected services during the incident risked exposure to these threats, prompting a mandatory password reset for all user accounts as a precautionary measure.


Description

On April 24, 2015, computer hackers compromised a domain name service (DNS) vendor utilized by the Federal Reserve Bank of St. Louis, manipulating routing settings to redirect a portion of the Bank’s web traffic to fraudulent webpages. These rogue pages were designed to mimic the appearance of the St. Louis Fed’s research.stlouisfed.org domain, which hosted publicly accessible economic data tools including FRED, FRASER, GeoFRED, and ALFRED. The attackers created simulated login interfaces for these services, intending to intercept user credentials or deploy malicious software. Users attempting to access the research website on that date may have been automatically redirected to the counterfeit pages without their knowledge. The Bank clarified that its own internal systems and website infrastructure remained uncompromised, with the breach limited to the third-party DNS provider’s configuration.


The St. Louis Fed became aware of the incident and on May 18, 2015, notified all active user accounts about the potential exposure of login credentials during the April 24 redirection. Individuals who attempted to authenticate on the affected date faced risks including phishing, malware infection, and unauthorized access to their usernames and passwords. In response, the Bank mandated a password reset for all users upon their next login attempt and advised adopting unique, strong passwords for each online account to minimize cross-service vulnerabilities. No specific number of impacted users or forensic details about the attackers’ identity or objectives were disclosed. The notification emphasized proactive caution despite the absence of confirmed credential misuse, underscoring the indirect nature of the compromise through a vendor rather than direct infiltration of Federal Reserve systems.
