European Central Bank Held To Ransom Over Stolen Data

Hackers have breached the public website of the European Central Bank (ECB) and made off with names, email addresses and other personal details of people who had registered for events there.

The attack came to light on Monday, after the organisation received an anonymous email which demanded an unspecified amount of money for the data.

The ECB said most of the stolen information was encrypted, and no sensitive market data has been compromised in the breach. It didn’t indicate whether it was going to pay the ransom.

ECB does not negotiate

The institution, which administers the monetary policy of the 18 members of the Eurozone who chose to adopt the single currency, was established by the Treaty of Amsterdam in 1998 and is one of the world’s most important central banks.

Sometime this year hackers hit the database system on a public-facing website that belongs to the ECB and contains lists of people who had been registering to attend its conferences and meetings.

“While most of the data were encrypted, parts of the database included email addresses, some street addresses and phone numbers that were not encrypted,” said the bank. “The database also contains data on downloads from the ECB website in encrypted form.”

Instead of paying the ransom, the ECB has alerted the police in Germany, where it is headquartered.

“Unless we’re missing some important facts, it makes little sense for the ECB to pay a hacker money in this circumstance, as there’s no guarantee that he won’t also sell access to the data in addition to getting the ransom,” explained Tim Erlin, director of security and risk at Tripwire. “Data isn’t the same as a physical object or person. It’s copied, not stolen.”

“The fact the offender sent an email to the ECB directly asking for financial compensation for the data, could be seen as an indicator of its lack of quality,” added a spokesperson for Malwarebytes. “If the breach had accessed highly sensitive data, you would probably expect this to be sold off quietly.”

The ECB said the compromised database was physically separated from any internal systems. It has patched the flaw which enabled the attack, and started contacting people whose personal data might have been stolen. All passwords have also been reset as a precaution.

Even though the loss of personal details does not present an immediate threat, this information could be used to target the unfortunate users in further ‘spear-phishing’ campaigns.

How well do you know network security? Try our quiz and find out!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

Hackers Target Australia’s Largest Pension Funds

Multiple pension funds in Australia have been hit in co-ordinated hacking attacks, and unfortunately customers…

2 days ago

Pentagon Confirms Investigation Of Signal Use By Pete Hegseth

Inspector General at the Pentagon confirms investigation into the use of Signal app by US…

2 days ago

Amazon Resumes Drone Deliveries In US

After a two month hiatus following crashes of a new drone model, Amazon has resumed…

2 days ago

Amazon Joins Bidders To Acquire TikTok In US

But will Beijing or ByteDance allow sale? Amazon joins potential bidders for TikTok in US,…

3 days ago

Elon Musk Dismisses Reports Of Imminent Departure From DOGE

Elon Musk dismisses report that Trump told cabinet that he expects Musk to leave his…

3 days ago