THE WEBSITE belonging to the European Central Bank (ECB) has been hacked and had user information pilfered from it.
The ECB confirmed news of the attack on Thursday in a statement on its website, admitting that it has seen the theft of customer email addresses and other contact data such as addresses and phone numbers. It also admitted that while most of the stolen data was encrypted, some of it was not.
"While most of the data were encrypted, parts of the database included email addresses, some street addresses and phone numbers that were not encrypted," it confessed on its website. "The database also contains data on downloads from the ECB website in encrypted form"
The ECB was keen to point out that no sensitive data, such as credit card information, was compromised in the attack on its website.
It said, "No internal systems or market sensitive data were compromised. The database serves parts of the ECB website that gather registrations for events such as ECB conferences and visits. It is physically separate from any internal ECB systems."
The ECB said it was made aware of the attack via an anonymous email it received on Monday from the hackers, demanding financial compensation for the data they had stolen. However, it is not yet known who carried out the attack.
Commenting on the hack, Keith Bird, MD of security specialist Check Point, said, "This attack highlights how even high profile organisations with robust defences can fall victim to enterprising cyber-criminals. The European Central Bank was clearly unaware it had been infiltrated as it first came aware when the attackers issued a ransom [demand] for the data they had obtained.
"In 2013 we did in-depth security audits at 150 financial organisations worldwide, and found that 88 percent had experienced a data loss incident in 2013, up from 61 percent in 2012.
"With the pace of attacks increasing it highlights the need for multiple layers of defence, including encryption for all data, to mitigate the risks of intrusion and data theft."
Users affected by the theft will be contacted by the ECB, which notes that it has already changed all passwords on the system as a precaution. It also said that it has contacted the German police. µ