The European Central Bank (ECB) confirmed Thursday that it had been hit by a cyberattack that involved attackers injecting malware into one of its websites and potentially stealing contact information of its newsletter subscribers.
Headquartered in Germany, the European Central Bank (ECB) is the central bank of the 19 European Union countries which have adopted the euro and is itself responsible for supervising the data protection practices of the banking system across these countries.
In an official statement published Thursday, the ECB said unknown “unauthorised parties” had managed to breach its Banks’ Integrated Reporting Dictionary (BIRD) website, which was hosted by a third-party provider, eventually forcing the bank to shut down the site.
Launched in 2015, BIRD is a joint initiative of the Eurosystem to the euro zone’s central banks and the banking system, which provides banks with a precise description of the data that aims to help reporting agents efficiently organise information stored in their internal systems and fulfill their reporting requirements.
At the time of writing, the BIRD website displays a page informing visitors that the site is down for maintenance at the moment and will be back online shortly. However, it doesn’t mention anything about the security incident.
The BIRD website appears to have been hacked several months ago on December 2018, according to a Reuters report, but the ECB discovered the breach just late last week during regular maintenance work.
Unknown hackers managed to install malware onto the external server hosting the BIRD website to host software for phishing attacks, which may have allowed them to walk away with the email addresses, names and position titles of 481 subscribers of the site.
The ECB assured its users that the stolen information does not include their passwords and that “neither ECB internal systems nor market-sensitive data were affected” in the breach since the BIRD website is physically separate from other external and internal ECB systems.
images from Hacker News