ECB discovers data breach in bank newsletter
The European Central Bank (ECB) has experienced a data breach from a group of hackers, according to a statement by the bank on Thursday.
The hackers installed malware onto the site and stole the contact details of 481 subscribers to a statistical ECB newsletter, which they had access to for months. Email addresses, names and positions were potentially leaked.
“Unauthorised parties[…] breached the security measures protecting the Banks’ Integrated Reporting Dictionary (Bird) website,” the bank noted in a statement.
An ECB spokesman told AFP the hackers had been present in the Bird system since at least December last year, which only “came to light during regular maintenance work”.
Bird is a service coordinated by the central bank’s supervision arm, which oversees over 100 of the biggest and most important lenders in the 19 eurozone countries.
The website supports banks in gathering and organising information for submission to ECB supervisory teams.
“From publicly available information the cyber-attack on the ECB appears to have been caused by a breach of a vendor’s server. Similar to the Capital One breach earlier this summer, this further demonstrates the exposures associated with third parties outside of a company’s security team,” says Tom Draper, technology & cyber practice leader at Gallagher.
Private lenders and eurozone national central banks work together to hash out the data and processing rules needed to meet regulatory reporting requirements, which have grown in complexity since the financial crisis and the ECB’s taking over supervision in 2014.
The ECB said that while the hackers did not have access to sensitive information like passwords, it was contacting people potentially affected to let them know.
Since the website was run on an external server separate from other ECB computers, “neither ECB internal systems nor market-sensitive data were affected,” the bank added.
It is the second time in five years that one of the ECB’s websites has been hacked.