ECB shuts down compromised website following hack
19 August 2019
The European Central Bank (ECB) has confirmed that unauthorised parties may have stolen contact data from one of its websites following a hack.
The Banks’ Integrated Reporting Dictionary (BIRD) web site, which is hosted by an external provider, has been shut down after it was found that malware had been injected onto the external server to aid phishing activities.
BIRD provides the banking industry with details on producing statistical and supervisory reports. It is physically separate from any other external and internal ECB systems.
According to Reuters, the breach may have occurred in December 2018 and was uncovered during routine maintenance work.
In a statement, the ECB said data, including the email addresses, names, and position titles, of the 481 subscribers of the BIRD newsletter “may have been captured”. The ECB is in the process of contacting those whose data may have been compromised.
Subscribers’ passwords were not stolen, and the ECB’s internal systems and market-sensitive data were not affected.
“At this stage it is too early to know what the exact cause was that led to the breach,” said Brian Honan, one of Ireland’s foremost experts in cybersecurity, speaking to TechCentral. “However, we should remember that the ECB are a victim to a crime and that ultimately the blame for the breach lies at the hands of the criminals that caused the breach.
“Under GDPR, organisations are responsible for ensuring the security of any details entrusted to it, such as mailing list subscriber details, even if it is hosted with a third party.”
This is not the first time the ECB has been the victim of a data breach. In 2014, email addresses and contact data were stolen from the ECB’s public web site.