European Central Bank Hacked

The European Central Bank (the ECB) announced on Thursday the 24th of July that its website was the victim of a cyber-attack resulting in the security of the site being compromised. The attack resulted in a breach of the security for a database serving its public website. The database is used for individuals to register for conferences, events, and visits hosted by the organisation. The ECB stated that while most of the database was encrypted, some of the database held contact details such as email addresses, phone numbers, and addresses in unencrypted format.  The ECB believes that approximately 20,000 people who had registered with the bank's website are affected by the breach.

In the statement released by the ECB it states it was unaware of the attack until it was contact by an anonymous party claiming to be behind the attack. The anonymous contact then proceeded to try to extort the bank, threatening to publish the compromised data unless the bank met their demands. The ECB refused to meet the demands and is in the process of contacting the individuals affected and resetting the passwords for all users on the system

According to the ECB's website it "is responsible for the prudential supervision of credit institutions located in the euro area and participating non-euro area Member States, within the Single Supervisory Mechanism, which also comprises the national competent authorities." While the ECB states no market data or internal systems were compromised by the breach it is no doubt embarrassing for an institution of this stature to become victim to such an attack.

The ECB have assured all those affected that its security experts have identified and addressed the vulnerability that led to the compromise. The ECB is also working with German police to try and track down those responsible for the attack.

Some interesting lessons can be learnt from this breach for other organisations;

  • Once again the importance of monitoring systems for potential breaches has been highlighted. It is interesting to note the ECB were not aware of the attack until they were contacted by the anonymous person claiming to be behind the attack. Until then the ECB's system, and the personal data entrusted to the ECB by those visiting the site, continued to be vulnerable and at risk. So the key takeaway from this breach is to ensure that your log monitoring and alerting solution is comprehensive, covers all key systems, and that it is effective.
  • You should regularly review your log monitoring and alerting systems to make sure they are attuned to your particular environment. Conducting this exercise in line with any vulnerability management or penetration testing exercises can help highlight where there are such weakness.
  • Those behind the attack tried to monetise the data as quickly as possible by using extortion to demand payment or the data would be published. This is a trend we are seeing becoming more popular with criminals demanding payment to refrain from launching DDoS attacks against as website, or publicising compromised data. This ploy should be included in every organisation's incident response play book to make sure the organisation has a documented and tested response to extortion based attacks.
  • Post the attack the ECB's security experts were able to identify and address the vulnerability. From the reports it is not clear what the vulnerability was, but the issue highlights how important effective and regular vulnerability testing, augmented by penetration tests, can help identify and address issues before others do.

The ECB are working closely with the the police to try and bring those behind the attack to justice. As an organisation tasked with providing oversight to the European Union's banking systems, and the security of same, this episode will no doubt be an embarrassing one.

Join the CSO newsletter!

Error: Please check your email address.

Tags securitydata breachEuropean Central Bank

More about

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Brian Honan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place