- Email addresses and contact data stolen from public ECB website
- Theft was from database that is separate from any internal system
- No market sensitive data compromised
The European Central Bank (ECB) said on Thursday there had been a breach of the security protecting a database serving its public website. This led to the theft of email addresses and other contact data left by people registering for events at the ECB.
No internal systems or market sensitive data were compromised. The database serves parts of the ECB website that gather registrations for events such as ECB conferences and visits. It is physically separate from any internal ECB systems.
The theft came to light after an anonymous email was sent to the ECB seeking financial compensation for the data. While most of the data were encrypted, parts of the database included email addresses, some street addresses and phone numbers that were not encrypted. The database also contains data on downloads from the ECB website in encrypted form.
The ECB is contacting people whose email addresses or other data might have been compromised and all passwords have been changed on the system as a precaution.
The ECB takes data security extremely seriously. German police have been informed of the theft and an investigation has started.
ECB data security experts have addressed the vulnerability.
For media inquiries, please call Elodie Nowodazkij on +49 69 1344 7390