Hackers steal user data from the European Central Bank website, ask for money

The compromised information includes email addresses, phone numbers and physical contact addresses of ECB event participants

Hackers have stolen user contact information, including email addresses and phone numbers, from the website of the European Central Bank and attempted to extort money from the institution.

The attackers exploited a vulnerability to access a database serving the ECB's public website, the institution announced Thursday on its website. No internal systems or market sensitive data were affected, the ECB said.

The compromised database primarily contained contact information provided by users when registering for various ECB events and conferences. Most of the data was encrypted, but email addresses, phone numbers and street addresses were not, according to the ECB.

The database contained around 20,000 email addresses and a lower number of phone numbers and physical contact addresses, an ECB spokeswoman said Thursday. It's not known at this time if the attackers copied the entire database or only parts of it, but 95 percent of the information in the database was encrypted, she said.

ECB learned of the breach late Monday night when it received an anonymous email from the attackers seeking financial compensation for the data.

The ECB has not and will not pay anything, the ECB spokeswoman said.

The incident was reported to police in Frankfurt, where the ECB is headquartered, and an investigation has been launched. The Frankfurt police did not immediately respond to an inquiry seeking more information about the extortion attempt.

The ECB has reset all user passwords on its website as a precaution and is contacting people whose email addresses and other data might have been compromised. The vulnerability exploited by the attackers has been identified and fixed.

Given that people typically interested in ECB events work in the financial industry, the stolen email addresses could prove a valuable resource for phishers.

The affected individuals could be at a higher risk of fraud and phishing attacks following this security breach, said Jon French, a security analyst at email and Web security firm AppRiver, via email. Personal information about the target could make a phishing attack more convincing than a random spam email. "Likewise the attacker could just attempt to use the gained personal data and attempt to use it to commit fraud."

Extortion attempts using stolen customer data are increasingly common. In June, hackers threatened to release stolen personal information on more than 650,000 French and Belgian customers of Domino's Pizza unless the company paid them 30,000 euros (over US$40,000).

"Unless we're missing some important facts, it makes little sense for the ECB to pay a hacker money in this circumstance, as there's no guarantee that he won't also sell access to the data in addition to getting the ransom," said Tim Erlin, director of security and risk at security firm Tripwire, via email. "Data isn't the same as a physical object or person. It's copied, not stolen."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securityTripwiredata breachAppRiverdata protectionEuropean Central Bankprivacyfraud

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?