Hackers steal user data from the European Central Bank website, ask for money

The compromised information includes email addresses, phone numbers and physical contact addresses of ECB event participants

Hackers have stolen user contact information, including email addresses and phone numbers, from the website of the European Central Bank and attempted to extort money from the institution.

The attackers exploited a vulnerability to access a database serving the ECB's public website, the institution announced Thursday on its website. No internal systems or market sensitive data were affected, the ECB said.

The compromised database primarily contained contact information provided by users when registering for various ECB events and conferences. Most of the data was encrypted, but email addresses, phone numbers and street addresses were not, according to the ECB.

The database contained around 20,000 email addresses and a lower number of phone numbers and physical contact addresses, an ECB spokeswoman said Thursday. It's not known at this time if the attackers copied the entire database or only parts of it, but 95 percent of the information in the database was encrypted, she said.

ECB learned of the breach late Monday night when it received an anonymous email from the attackers seeking financial compensation for the data.

The ECB has not and will not pay anything, the ECB spokeswoman said.

The incident was reported to police in Frankfurt, where the ECB is headquartered, and an investigation has been launched. The Frankfurt police did not immediately respond to an inquiry seeking more information about the extortion attempt.

The ECB has reset all user passwords on its website as a precaution and is contacting people whose email addresses and other data might have been compromised. The vulnerability exploited by the attackers has been identified and fixed.

Given that people typically interested in ECB events work in the financial industry, the stolen email addresses could prove a valuable resource for phishers.

The affected individuals could be at a higher risk of fraud and phishing attacks following this security breach, said Jon French, a security analyst at email and Web security firm AppRiver, via email. Personal information about the target could make a phishing attack more convincing than a random spam email. "Likewise the attacker could just attempt to use the gained personal data and attempt to use it to commit fraud."

Extortion attempts using stolen customer data are increasingly common. In June, hackers threatened to release stolen personal information on more than 650,000 French and Belgian customers of Domino's Pizza unless the company paid them 30,000 euros (over US$40,000).

"Unless we're missing some important facts, it makes little sense for the ECB to pay a hacker money in this circumstance, as there's no guarantee that he won't also sell access to the data in addition to getting the ransom," said Tim Erlin, director of security and risk at security firm Tripwire, via email. "Data isn't the same as a physical object or person. It's copied, not stolen."

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securityfraudprivacydata protectiondata breachEuropean Central BankAppRiverTripwire

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Essentials

James Cook University - Master of Data Science Online Course

Learn more >

Mobile

Victorinox Werks Professional Executive 17 Laptop Case

Learn more >

Exec

Budget

Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?