IMF suffers ‘major’ data breach
The International Monetary Fund (IMF) confirms it was hacked, with suggestions the attack was state sponsored.
The International Monetary Fund (IMF) has admitted it was hit by a serious, sophisticated cyber attack recently.
The IMF told employees about the compromise last Wednesday, but did not make any public announcement, the New York Times reported.
One official revealed the data breach occurred over the past few months, starting before former managing director and French politician Dominique Strauss-Kahn was arrested on sexual assault charges.
"We are investigating an incident, and the fund is fully functional," said IMF spokesperson David Hawley.
The hackers reportedly attempted to establish a fake "digital insider presence."
The IMF, which has not revealed any further details on the nature of the attack, holds plenty of important data, including market information and communications between world leaders.
State sponsored?
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Stolen data included documents and emails, according to Bloomberg, citing a security expert who was "familiar with the incident."
The expert, who wished to remain anonymous because he was not authorised to speak on the subject, said the intrusion was state sponsored.
"The IMF has revealed very little about this incident but with the FBI now involved, and the World Bank cutting its network connection to the organisation, we can safely assume that the attack is of a serious nature," said Ross Brewer, vice president and managing director for international markets at LogRhythm.
"As yet another high profile organisation falls victim to a data breach we are once again forced to question whether it is actually possible to protect data from hackers. The sheer number of headline grabbing incidents suggests that attempts to prevent cyber attacks from occurring in the first place may be ineffective and that a new approach is required."
Mark Darvill, director at trusted security firm, AEP Networks, said the attack was "of significant concern."
"The attempt to establish a fake "digital insider presence," whether it is another state or a malicious individual, needs to be looked at extremely carefully," Darvill added.
"Once something is digitally signed', it is essentially assumed legitimate and given roaming rights. The possibility of a large-scale cyber attack disrupting our power, finance, security and governmental systems is becoming more and more of a possibility in today's world."
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.