The European Central Bank has confirmed a data breach, after attackers compromised an application on the Frankfurt-based bank's website.
In a statement issued on Thursday, the ECB said that the incident came to light after an anonymous email was sent earlier this week requesting that a ransom be paid for the compromised records.
The attack focused on a database that stored information on journalists and other professionals who registered for ECB conferences, press briefings, and other events.
"No internal systems or market sensitive data were compromised. The database serves parts of the ECB website that gather registrations for events such as ECB conferences and visits. It is physically separate from any internal ECB systems," the bank's statement explained.
"While most of the data were encrypted, parts of the database included email addresses, some street addresses and phone numbers that were not encrypted. The database also contains data on downloads from the ECB website in encrypted form."
Those who were impacted by the event will be contacted directly by the ECB. The application vulnerability that led to the compromise has been patched, but the exact nature of the flaw wasn't disclosed.
In addition, passwords on the ECB website have been changed.
Earlier this year, the ECB issued an assessment guide for securing internet payments. Among the suggestions were application-based risk assessments and a layered approach to security for defense in depth.
So while the event management system was weak, it would seem that the bank has taken its own advice to heart and properly segmented data and services.