Breach taxonomy
Summary
On February 21, 2024, the Federal Home Loan Bank of New York detected an attempt by unknown persons to fraudulently obtain funds from the Bank. Investigation determined that a fourth-party vendor (a vendor of a Bank vendor) had been compromised, enabling the fraud attempt. The Bank's own IT systems and networks were not compromised, no unauthorized transactions were executed, and no funds were transferred. Bank members were able to continue transacting throughout the incident.
Tagging rationale
Threat: Cyber Criminals
Filing describes an attempt to fraudulently obtain funds via a compromised vendor — consistent with financially motivated cybercriminals; no explicit attribution but financial fraud motive is clear.
Methods: Supply Chain
Filing explicitly states the incident was caused by a fourth-party vendor (a vendor of a Bank vendor) being compromised — a supply chain attack vector.
Assets: Cash Equivalent
Filing describes an attempt to fraudulently obtain funds from the Bank — targeting cash or cash equivalent assets.
Effects: Financial Fraud
The incident was a financial fraud attempt targeting the Bank's funds, though no unauthorized transactions were ultimately executed.
Business continuity: Not Required
Filing states the Bank's own IT systems were not compromised and Bank members could continue to execute transactions — no operational disruption requiring continuity procedures.
Impact
Attempted financial fraud via compromised fourth-party vendor was fully prevented — no funds transferred, no systems compromised, no operational disruption.
Insurance: Not disclosed
Filing makes no mention of insurance.
Original SEC filing excerpt
Item 1.05 Material Cybersecurity Incidents
On February 21, 2024, the Federal Home Loan Bank of New York, through its operational controls, detected unknown persons attempting to fraudulently obtain funds from the Bank. The Bank immediately activated its response process, and determined that a fourth-party vendor (i.e., a vendor of a Bank vendor) had been compromised, which caused the incident. The Bank then took prompt steps to contain and remediate the incident. The Bank's own information technology systems and networks were not compromised or affected, no unauthorized transactions were executed and no monies were transferred to the unknown persons, and Bank members were able to continue to execute transactions with the Bank. As of the date of this filing, the incident has not had a material impact on the Bank's operations, and the Bank believes the incident will not materially impact the Bank's financial condition or results of operations.