(Bloomberg) -- The European Central Bank said one of its websites was hacked by unauthorized people who may have stolen private information including contact data.
According to an emailed statement, hackers installed malware onto an external server that hosts the Banks’ Integrated Reporting Dictionary, or BIRD, to aid phishing activities. It’s possible that email addresses, names and position titles of 481 subscribers to the BIRD newsletter may have been captured, the ECB said, but that passwords were not.
The ECB has closed down the website until further notice after discovering the breach during regular maintenance work, and is contacting people whose data may have been stolen. Neither ECB internal systems nor market-sensitive data were compromised.
The BIRD website provides banks with details on how to produce statistical and supervisory reports, according to the statement. It’s physically separate from any other external and internal ECB systems.
“The ECB takes data security extremely seriously,” the institution said. It has informed the European Data Protection Supervisor about the incident.
The security breach comes after the Frankfurt-based institution itself made repeated calls for commercial banks in the region to invest in more secure information technology systems amid a growing number of cyber threats.
Earlier this week, the ECB’s banking supervision arm published a newsletter in which it stated there will be a number of on-site inspections on IT-risk related topics in the coming months.
That comes after “severe findings” in the area of banks’ IT security management. The institution also runs controlled hacking tests to identify weaknesses in banks’ systems.
The ECB is not the first central bank to a have its IT structure violated, although the incident doesn’t compare to the experiences some of its peers had to make.
In 2018, the payment system run by the Mexican central bank was compromised, allowing money to be siphoned off from fake domestic bank accounts and then withdrawn. The central bank of Bangladesh experienced a cyber attack in 2016 involving the attempted transfer of $951 million from its account with the Federal Reserve Bank of New York.