A domain name server used by the St. Louis Federal Reserve was hacked in late April, directing some queries to potentially malicious Web pages designed to look like its site, a spokesperson from the financial institution said.
The regional Fed location told active users of its data tools about the April 24 breach on Monday. Users directed to the domains could have been vulnerable to phishing, malware or password theft, the bank's message said.
The attack affects individuals who attempted to access research.stlouisfed.org and some of its functions on that day. The St. Louis Fed's main website was not compromised.
Users will be prompted to change their passwords the next time they log into the site, the St. Louis Fed said.
— CNBC's Ryan Ruggiero contributed to this report.