European Central Bank confirms website hack and data breach

Graham Cluley

The European Central Bank (ECB), the central bank of the 19 European countries which have adopted the euro, has shut down a compromised website after it discovered that hackers had planted malware that stole information from newsletter subscribers.

An ECB press release admits that subscribers to the Banks’ Integrated Reporting Dictionary (BIRD) newsletter had their email addresses and other contact details stolen after hackers successfully planted malware on webpages on the BIRD website, which is hosted by an external provider.

Fortunately, the ECB claims that passwords were not stolen, that none of the bank’s internal systems were compromised, and that no market-sensitive data was affected.


A cheery message on the BIRD website currently tells visitors that the site is down for maintenance, but makes no mention of the security breach.

We’ll be back soon!
Sorry for the inconvenience but we’re performing some maintenance at the moment. If you need to you can always contact us, otherwise we’ll be back online shortly!

— The BIRD Team

The ECB press release, however, confirms that 481 subscribers to the BIRD newsletter may have had their contact details stolen. That’s obviously far, far, far from the biggest data breach that has ever been seen, but the nature of the particular victims underlines that even a “small” data breach can be important.

It’s obviously a relief to hear that passwords weren’t stolen, as that could have meant things which were much more serious (especially as so many people make the mistake of reusing the same password in multiple places).

But a breach like this is still serious. Criminals who have accessed the contact details of subscribers could use them in criminal attacks, perhaps through targeting users with malware or phishing scams, or potentially by attempting to defraud companies through business email compromise attacks.

Disappointingly, the ECB’s advisory doesn’t say if affected parties are being contacted to warn of the security breach, or offer any indication of how long the security problem may have existed. However, this Reuters report claims that the earliest evidence found of a website compromise dates back to December 2018, and that victims are being informed.

Anyone affected needs to be wary of unsolicited emails, and of clicking on links that may attempt to compromise their computers or steal further information from them.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
