On Friday, September 23, the Financial Crimes Enforcement Network (FinCEN) announced an apparent compromise of the “FinCEN QuikNews” system, a subscriber-based e-mail service that is part of the Financial Crimes Enforcement Network’s public website, which is hosted externally.
Bank Secrecy Act data and all other sensitive information maintained on internal systems by FinCEN are secure and were in no way, shape or form compromised by this incident. The “FinCEN QuikNews” system resides outside FinCEN’s security perimeter and is not connected to any other FinCEN systems. While we have no indication that anything more than the QuikNews mailing list was compromised, out of an abundance of caution, we are conducting a thorough security review. As a preventative measure, over the weekend FinCEN disabled its websites and applications for security maintenance and the replacement of equipment.
Today the public websites - www.fincen.gov, www.msb.gov, and www.egmontgroup.org – are available. However, there are some links that remain disabled at this time until further analysis can be completed. We expect full functionality to be restored in the very near future and apologize for any inconvenience. Currently the programs that remain unavailable are: the 314(a) system (Secure Information Sharing System), the MSB online Material Order Form, and the MSB state selector. If you require any assistance, please contact FinCEN's Regulatory Helpline at 1-800-949-2732. If you have a 314(a)-related question, please call the 314 Program Office at 1-800-949-2732 and select option 2.
Our initial investigation of the incident involving the QuikNews service indicates that the e-mail addresses of “FinCEN QuikNews” subscribers were compromised. As we reported Friday this matter is under active criminal investigation. Since FinCEN did not collect personal information from subscribers to this service, no information, other than e-mail addresses, was compromised.
The unauthorized message has been analyzed by multiple sources both within and outside of FinCEN and no virus or other malicious code has been detected. As an exercise of caution we recommend that “FinCEN QuikNews” subscribers delete the original message and any additional e-mail messages they might receive that appear to originate from the following FinCEN sources:
- FinCEN News
- FinCEN QuikNews Mailing List
The current “FinCEN QuikNews” system has been shut down permanently. While we anticipate reinstituting a notification service in the future, it will not be done using the current mailing list, therefore it will not be necessary to unsubscribe from the system.
We will continue to post additional updates on FinCEN’s website as information becomes available. We sincerely regret this incident and any inconvenience this may have caused.