After hacking, data theft, European Central Bank closes its website
On Thursday, the European Central Bank (ECB) confirmed that the BIRD’s Web site was affected by attackers and downsized until the situation was under control.
This compromise may have resulted in the attackers collecting 481 newsletter subscribers ‘ e-mail addresses, names and positions, not their passwords.
Data breach – Malware Injection
The European Central Bank manages the euro and conducts the eurozone monetary policy.
The website of the BIRD, which provides information on how statistical and supervisory reports are produced in the banking sector, is hosted by an external provider and is physically separate from any other external and internal ECB system, according to the Bank.
“The breach succeeded in injecting malware onto the external server to aid phishing activities. The external BIRD website has been closed down until further notice. Neither ECB internal systems nor market-sensitive data were affected.”
The ECB reports that the violation was found during regular maintenance but it dates back to December 2018, according to Reuters. If it wasn’t for maintenance, who knows how much longer would the compromise be unnoticed.
What happen Next?
The ECB has informed the European Data Protection Supervisor of the infringement and notified the persons whose information has been compromised.
While the information is not so sensitive that it can certainly be easily collected from the websites of different organisations, a list like this is a perfect ready-made tool for spear-phishing.
Indeed, the violation of one of the ECB’s public web sites by 2014 has led to theft of similar information. The apparent aim of these attackers was to hold back the stolen data.
Data Breach Hits Desjardins, 2.7 Million People Affected
Chinese National Indicted For Anthem’s 2015 Massive Data Breach
Airbus Suffers Data Breach, Employees Data Accessed