The European Central Bank (ECB) confirmed Thursday that it had been hit by a cyberattack that involved attackers injecting malware into one of its websites and potentially stealing contact information of its newsletter subscribers.
Headquartered in Germany, the European Central Bank (ECB) is the central bank of the 19 European Union countries which have adopted the euro and is itself responsible for supervising the data protection practices of the banking system across these countries.
In an official statement published Thursday, the ECB said unknown “unauthorized parties” had managed to breach its Banks’ Integrated Reporting Dictionary (BIRD) website, which was hosted by a third-party provider, eventually forcing the bank to shut down the site.
Launched in 2015, BIRD is a joint initiative of the Eurosystem to the euro zone’s central banks and the banking system, which provides banks with a precise description of the data that aims to help reporting agents efficiently organize information stored in their internal systems and fulfill their reporting requirements.
At the time of writing, the BIRD website displays a page informing visitors that the site is down for maintenance at the moment and will be back online shortly. However, it doesn’t mention anything about the security incident.
The BIRD website appears to have been hacked several months ago on December 2018, according to a Reuters report, but the ECB discovered the breach just late last week during regular maintenance work.
Unknown hackers managed to install malware onto the external server hosting the BIRD website to host software for phishing attacks, which may have allowed them to walk away with the email addresses, names and position titles of 481 subscribers of the site.
The ECB assured its users that the stolen information does not include their passwords and that “neither ECB internal systems nor market-sensitive data were affected” in the breach since the BIRD website is physically separate from other external and internal ECB systems.
The ECB said that it “takes data security extremely seriously” and have already informed the European Data Protection Supervisor about the incident. It has also started contacting people whose data may have been affected.
If you are one of those affected users, you are advised to beware of phishing emails and follow standard security practices while browsing online.
This is not the very first time when the European Central Bank has been hit by a security breach.
The ECB suffered a data breach in 2014 as well, when hackers managed to compromise its database serving its public website, leading to the theft of email addresses, phone numbers and other contact details of people registering for events at the ECB.
The attacks on banks have been increased in recent years, but till now, the central bank of Bangladesh experienced the world’s biggest cyberattack that took place in 2016 when cybercriminals successfully stole $81 million from the country’s central bank account at the New York Fed while attempting to transfer $951 million.