The European Central Bank (ECB), the organization that administers the monetary policy of the Eurozone, announced on Thursday that it had suffered a data breach in which some contact information was stolen.
According to a statement published on its website, the ECB became aware of the incident after the attackers sent a blackmail email “seeking financial compensation for the data.” The cybercriminals supposedly gained access to a database that’s used to store registration data for conferences and visits. While most of the data is encrypted, email addresses, phone numbers and street addresses are not, the ECB said. Data on downloads from the ECB website is also included in the database, but was also encrypted.
Since the breached database is physically separate from internal systems, the organization is confident that market sensitive data has not been compromised.
“The ECB is contacting people whose email addresses or other data might have been compromised and all passwords have been changed on the system as a precaution,” the organization stated. “The ECB takes data security extremely seriously. German police have been informed of the theft and an investigation has started.”
The vulnerability leveraged by the attackers to gain unauthorized access to the website has been patched, the ECB said.
The Associated Press reported that roughly 20,000 email addresses were obtained by the attackers, but the number of compromised phone numbers and street addresses is smaller.