In a statement, the St. Louis Fed told users of its public economic data and analysis tools that the bank discovered the breach in April. The bank said hackers compromised the domain name registrar, which sends traffic to the St. Louis Fed, and were able to redirect users to "phony" sites.
The fake websites were designed to look like the web pages of services provided by the Federal Reserve Bank of St. Louis. The attack compromised the Internet's routing system, known as the domain name system (DNS).
"As is common with these kinds of DNS attacks, users who were redirected to one of these phony websites may have been unknowingly exposed to vulnerabilities that the hackers may have put there, such as phishing, malware and access to user names and passwords," the agency said in a statement.
A spokeswoman for the Federal Reserve Bank of St. Louis told the New York Times that she did not yet know who was behind the attacks.
The bank's website itself was not compromised, the bank said. Essentially, hackers were targeting not the site, but its users, security experts explained.
"Unless hackers were really into some serious economic research, the likely target of this attack was not the [bank's] data, but rather the users of this data," said Igor Baikalov, chief scientist at cyber threat data firm Securonix, in a statement.
The hackers could have gained valuable personal information from the hack that could be used in more sophisticated attacks, said Dave Jevans, the chairman of the Anti-Phishing Working Group.
"Great way to phish the passwords and email addresses of bankers and currency traders," Jevans told the New York Times. "Since people reuse passwords, this is a ready font of juicy data to attack all users of the Fed's data."
DNS attacks require more skill than typical hacks and have become increasingly popular among cyber crooks, especially in the last six months.
"Domain hijacking and web address network re-directing is a huge problem, getting worse and nearly impossible to prevent from a target company perspective," Brad Taylor, CEO of computer security firm Proficio, said in a statement.
The St. Louis Fed is one of 12 regional Federal Reserve Banks. Together, they help determine the country's monetary policy. The St. Louis branch's focus is on economic research and data.