The European Central Bank (ECB) is the latest financial industry organization to suffer a data breach, after one of its databases was hacked and the stolen data held for ransom.
The bank said Thursday that the security that protected a database serving its public website has been breached. As a result, the email addresses and other contact data of people registering for events at the ECB has been stolen.
The breach was only revealed, the ECB said, when the hackers sent an anonymous email to the ECB seeking financial compensation for the data. The bank reports that German police have been alerted and that an investigation has been launched.
The bank maintains that most of the data was encrypted, but that parts of the database included email addresses, some street addresses and phone numbers that were not encrypted. The database also contains encrypted data on downloads from the ECB website. It says that it is now contacting people whose email addresses, and other data, might have been compromised, and it has changed all the passwords on the system, too. The security vulnerability has been fixed, it says.
The ECB also says that its internal systems were not compromised in the breach, and that no market sensitive data was lost. The database that serves parts of the ECB website is physically separate from any internal systems, it notes.