ECB says that attackers attempted to ransom the compromised data The European Central Bank has confirmed a data breach, after attackers compromised an application on the Frankfurt-based bank’s website.In a statement issued on Thursday, the ECB said that the incident came to light after an anonymous email was sent earlier this week requesting that a ransom be paid for the compromised records.The attack focused on a database that stored information on journalists and other professionals who registered for ECB conferences, press briefings, and other events.“No internal systems or market sensitive data were compromised. The database serves parts of the ECB website that gather registrations for events such as ECB conferences and visits. It is physically separate from any internal ECB systems,” the bank’s statement explained. “While most of the data were encrypted, parts of the database included email addresses, some street addresses and phone numbers that were not encrypted. The database also contains data on downloads from the ECB website in encrypted form.”Those that were impacted by the event will be contacted directly by the ECB. The application vulnerability that led instigated the compromise has been patched, but the exact nature of the flaw wasn’t disclosed. In addition, passwords on the ECB website have been changed.Earlier this year, the ECB issued an assessment guide for securing internet payments. Among the suggestions were application-based risk assessments and a layered approach to security for defense in-depth.So while the event management system was weak, it would seem that the bank has taken their advice to heart, and properly segmented data and services. Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe