ECB Closes Website After Breach By ‘Unauthorised Parties’

The European Central Bank (ECB) shuttered one of its websites last week after it discovered a security breach by ‘unauthorised parties’.

The website in question is the Integrated Reporting Dictionary (BIRD) website, which “provides the banking industry with details on how to produce statistical and supervisory reports.”

The ECB was quick to point out that the BIRD website is hosted by an external provider, and is physically separate from any other external and internal ECB system.

ECB breach

The ECB made the admission last Thursday, when it confirmed that the BIRD website had been hacked by unauthorised parties.

It said that email addresses and other contact data (i.e. names, job titles) of 481 subscribers to the BIRD newsletter may have been captured.

But it stressed that passwords were not accessed, and no internal systems or market-sensitive data was compromised.

It said that the BIRD website has been “shut down until further notice.”

“The breach succeeded in injecting malware onto the external server to aid phishing activities,” said the ECB. “The external BIRD website has been closed down until further notice. Neither ECB internal systems nor market-sensitive data were affected.

To make matters worse, it seems that the European Central Bank only realised that the website had been compromised when it carried out regular maintenance work.

“The ECB takes data security extremely seriously,” the central bank said. “We have informed the European Data Protection Supervisor about the breach. The ECB is taking the necessary steps to ensure that the website can safely resume operations.”

Previous hack

In 2017 the ECB warned that banks in the European Union that are directly regulated by the European Central Bank (ECB) faced similar rules that private companies now face under the current GDPR rules.

And it should be noted that this is not the first time the ECB has been hacked.

In July 2014 the ECB confirmed that hackers had breached its public website and made off with names, email addresses and other personal details of people who had registered for events there.

The attack came to light after the organisation received an anonymous email which demanded an unspecified amount of money for the data.

Do you know all about security? Try our quiz!