The IMF was hacked over a several month period earlier this year, according to sources quoted by the New York Times.
The fund handles economic bailout programs around the world so exposure of its confidential information could affect international markets. The bailout agreements are “political dynamite in many countries”, an IMF official told the newspaper.
The sources did not indicate the type of information that was accessed, although the board of directors was briefed last week on the data breach.
The World Bank, its sister organization located adjacent to the IMF, cut its secure network links with the fund, the newspaper noted.
The sources indicated that the attacks may have been the result of spear phishing, in which an employee is tricked into clicking on a malicious web link.
Ross Brewer, vice president and managing director for international markets at LogRhythm, commented that “with the FBI now involved, and the World Bank cutting its network connection to the organization, we can safely assume that the attack is of a serious nature. As yet another high-profile organization falls victim to a data breach and we are once again forced to question whether it is actually possible to protect data from hackers.”
Paul Davis, director for Europe at FireEye, said that the IMF incident “goes further than just a potential data breach that is insular to their organization. The subsequent reaction of the World Bank highlights that with increased connectivity and perhaps an increasing system interdependency, a compromised partner, supplier or customer is a potential threat vector.”