The European Central Bank announced on Aug. 15 that unauthorized parties had breached the security measures protecting its Banks’ Integrated Reporting Dictionary (BIRD) website, which is hosted by an external provider.
The BIRD website provides the banking industry with details on how to produce statistical and supervisory reports and is physically separate from any other external and internal European Central Bank systems, the ECB stated.
In announcing the breach, which was discovered during regular maintenance work, the ECB said it’s “possible that the contact data (but not the passwords) of 481 subscribers to the BIRD newsletter may have been captured.” The affected information consists of the subscribers’ e-mail addresses, names, and position titles.
“The breach succeeded in injecting malware onto the external server to aid phishing activities,” the ECB said. “The external BIRD website has been closed down until further notice. Neither ECB internal systems nor market-sensitive data were affected.”
The ECB said it has “informed the European Data Protection Supervisor about the breach” and is “taking the necessary steps to ensure that the website can safely resume operations.”
From a proactive standpoint, “it’s important the 481 BIRD subscribers who have had their details compromised be extra vigilant going forward,” says Egress CEO Tony Pepper. “The compromised email addresses that have been taken from the server could be used in future phishing attacks by malicious actors, enabling them to gain further pieces of personal data or trick recipients into downloading malware to their systems.”
“These subscribers should be on the lookout for any message that seems suspicious—for example using incorrect branding or poor grammar,” Pepper says. “In addition, they shouldn’t click on any suspicious links contained in these e-mails. Instead, they should hover their mouse over it to see if the address matches the link displayed or, if possible, open the site via another window.”