The European Central Bank (ECB) reported in late July that its database had been hacked and that sensitive data had been retrieved from it. The bank explained that most of the data had been encrypted, which means it would be difficult or impossible for a hacker to read. Some of it, though, including street addresses, phone numbers, and email addresses, was recorded and stored in plain text.
According to the BBC, the hacker was able to steal about 20,000 email addresses. The ECB assured users that none of its market-sensitive data or internal information was harmed or reached during the breach, since the database is separate from its internal systems. The ECB is contacting anyone who may have been affected by the breach, and is requiring all passwords to be changed as a precaution.
“It is imperative that organizations view security both from an IT perspective and a business process perspective to ensure that these types of breaches are minimized,” says Bob Goodrich, Vice President of Sales and Marketing at JSCAPE LLC.
Perhaps as troubling as the breach itself is that the ECB did not discover it. Instead, the hacker alerted the bank to the breach by delivering a ransom email. The hacker was hoping to use the breach as a way to extort cash from the ECB. The bank, which is located in Frankfurt, Germany, is now under investigation by data security experts and the German police to make sure that any remaining system vulnerabilities are addressed.
“The breach can be classified as a moderate data breach. The severity of the breach is minimized because password and financial data was encrypted,” explains Will Semple, VP of research at Alert Logic, a data security firm.
Semple believes that businesses should be taking every safeguard against breaches, because even if the breach is relatively minimal, it can be highly damaging to an institution’s reputation. “The fact that the hackers were able to get their hands on email addresses and phone numbers is likely to have a significant impact on customer trust,” he predicts. This is the first time that hackers have been able to successfully access the ECB’s non-public data.