The stolen data is comprised of user contact information- including email addresses and phone numbers.
The European Central Bank learned of a digital infrastructural breach late Monday night when it received an anonymous email from the perpetrators seeking financial compensation for the acquired data. The ECB announced today on their website that the hackers exploited a vulnerability to access a database serving the ECB's public website, and no internal systems or market sensitive data were affected.
The majority of the data was encrypted- but email addresses, phone numbers and street addresses were not. Around 20,000 entries were contained in the database, and it is unknown whether the attackers copied all of its contents or only a limited selection. As a precaution, the ECB has reset all user passwords on its website and is reaching out to people whose personal information might have been compromised. The vulnerability exploited by the hackers has been identified and corrected.
The incident was reported to the local Frankfurt authorities, and an investigation has commenced. The Frankfurt police chose to wait for more information regarding the extortion instead of immediately responding to the inquiry. A spokeswoman for the bank has not nor intends to pay any amount of money to the group of thieves.
Jon French, a security analyst at email and Web security firm AppRiver, stated that the affected individuals are now currently at a higher risk of fraud and phishing attacks due to the security breach, and the inclusion of a target's personal information could make a phishing attack seem more genuine than a random spam email. Alternatively, the culprits could use a victim's information more directly in order to commit identity fraud.
Leave a comment and let us know what you think.
Source: PC World via ECB Press Release