Hacker group LockBit claims to have hacked the US Federal Reserve; threatens to release 33TB of sensitive data

The infamous hacker group LockBit announced it breached the United States Federal Reserve. On its Tor data leak site, the group claimed to have exfiltrated a staggering 33 terabytes of sensitive information, which allegedly includes confidential banking details of American citizens.

Reports emerged on June 24 that LockBit is engaged in ransom negotiations with the Federal Reserve Board. The group is allegedly demanding payment in exchange for not releasing the 33 terabytes of government data. As of now, LockBit has not published any samples of the stolen data, according to a report from Security Affairs.

Federal Reserve hacked?

In a statement on its leak site, LockBit explained, “Federal banking is the term for the way the Federal Reserve of the United States distributes its money. The Reserve operates twelve banking districts around the country which oversee money distribution within their respective districts. The twelve cities which are home to the Reserve Banks are Boston, New York City, Philadelphia, Richmond, Atlanta, Dallas, Saint Louis, Cleveland, Chicago, Minneapolis, Kansas City, and San Francisco.”

“33 terabytes of juicy banking information containing Americans’ banking secrets. You better hire another negotiator within 48 hours, and fire this clinical idiot who values Americans’ bank secrecy at $50,000,” reads the announcement from LockBit.

Dominic Alvieri, a cybersecurity analyst and security researcher, also shared another screenshot of Lockbit on X.

LockBit posts the US Federal Reserve?

Someone is mad. @federalreserve pic.twitter.com/oqXwTVKHJe

— Dominic Alvieri (@AlvieriD) June 23, 2024

Over the years, LockBit has a notorious history of targeting a wide array of organizations, from small businesses and multinational corporations to hospitals, schools, nonprofit organizations, critical infrastructure, and government agencies. Some of their high-profile victims include the Thales Group, the Toronto Hospital for Sick Children, and the U.S. subsidiary of the Chinese state-owned Industrial and Commercial Bank of China (ICBC).

In November 2023, TechStartups covered an incident where LockBit reported receiving a ransom from ICBC following a cyberattack. In a message sent via the online messaging app Tox, a LockBit representative confirmed to Reuters, “They paid a ransom, deal closed.” ICBC has not responded to requests for comments.

As this situation develops, all eyes are on the Federal Reserve and its response to LockBit’s demands. This breach underscores the growing threat posed by cybercriminal groups and the urgent need for robust cybersecurity measures across all sectors.