In a short statement released on Thursday, the bank had stated that an unauthorised party had breached the security measures that were put in place to protect BIRD.
Subsequently, the contact data of 481 subscribers may have been captured, with the email addresses, names, and position titles of the subscribers amongst the affected information. Passwords were not captured.
The unauthorised party had succeeded in injecting malware onto the external server to “aid phishing activities”.
The BIRD website has been shut down until further notice.
In the statement, it is stressed that neither ECB internal systems nor market-sensitive data were affected by the data breach.
This isn’t the first time ECB has suffered a data breach. In 2014, a database containing website form data had been compromised by hackers. A total of 20,000 email addresses had been stolen and then held for ransom.
“The ECB takes data security extremely seriously. We have informed the European Data Protection Supervisor about the breach. The ECB is taking the necessary steps to ensure that the website can safely resume operations,” the statement wrote.
Tom Draper, the technology and cyber practice leader at risk management outfit Gallagher, stated that the attack on ECB “demonstrates the exposures associated with third parties outside of a company’s security team.”
Article originally published on PrivSec:Report
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.