ECB Closes Website After Breach By ‘Unauthorised Parties’

The European Central Bank (ECB) shuttered one of its websites last week after it discovered a security breach by ‘unauthorised parties’.

The website in question is the Integrated Reporting Dictionary (BIRD) website, which “provides the banking industry with details on how to produce statistical and supervisory reports.”

The ECB was quick to point out that the BIRD website is hosted by an external provider, and is physically separate from any other external and internal ECB system.

ECB breach

The ECB made the admission last Thursday, when it confirmed that the BIRD website had been hacked by unauthorised parties.

It said that email addresses and other contact data (i.e. names, job titles) of 481 subscribers to the BIRD newsletter may have been captured.

But it stressed that passwords were not accessed, and no internal systems or market-sensitive data was compromised.

It said that the BIRD website has been “shut down until further notice.”

“The breach succeeded in injecting malware onto the external server to aid phishing activities,” said the ECB. “The external BIRD website has been closed down until further notice. Neither ECB internal systems nor market-sensitive data were affected.

To make matters worse, it seems that the European Central Bank only realised that the website had been compromised when it carried out regular maintenance work.

“The ECB takes data security extremely seriously,” the central bank said. “We have informed the European Data Protection Supervisor about the breach. The ECB is taking the necessary steps to ensure that the website can safely resume operations.”

Previous hack

In 2017 the ECB warned that banks in the European Union that are directly regulated by the European Central Bank (ECB) faced similar rules that private companies now face under the current GDPR rules.

And it should be noted that this is not the first time the ECB has been hacked.

In July 2014 the ECB confirmed that hackers had breached its public website and made off with names, email addresses and other personal details of people who had registered for events there.

The attack came to light after the organisation received an anonymous email which demanded an unspecified amount of money for the data.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Elon Musk’s X Suffers Multiple Outages

Nation-state cyberattack? Elon Musk blames outages on Monday at X (formerly Twitter) on “massive cyberattack”

10 hours ago

Apple Confirms AI Improvements to Siri Delayed To 2026

More time required for Apple to improved the AI capabilities of the Siri voice assistant,…

12 hours ago

Siemens Confirms $285m Manufacturing Investment In US

German conglomerate Siemens confirms $285 million investment for manufacturing facilities in Texas and California

13 hours ago

IBM Wins Lawsuit Against LzLabs Over Mainframe Patents

Court ruling. Big Blue lawsuit filed in London had alleged IP theft of mainframe technology…

15 hours ago

Trump Says US Talking With Four Groups Over TikTok Sale

But what about Beijing? Donald Trump says administration in talks with four different groups about…

17 hours ago