ECB shuts down compromised BIRD website

15 August 2019

• ECB’s BIRD website hacked by unauthorised parties
• Email addresses and other contact data may have been captured
• No internal systems or market-sensitive data compromised
• BIRD website shut down until further notice

The European Central Bank (ECB) said on Thursday that unauthorised parties had breached the security measures protecting its Banks’ Integrated Reporting Dictionary (BIRD) website, which is hosted by an external provider. As a result, it was possible that the contact data (but not the passwords) of 481 subscribers to the BIRD newsletter may have been captured. The affected information consists of the email addresses, names and position titles of the subscribers. The ECB is contacting people whose data may have been affected. The breach succeeded in injecting malware onto the external server to aid phishing activities. The external BIRD website has been closed down until further notice. Neither ECB internal systems nor market-sensitive data were affected.

The BIRD website provides the banking industry with details on how to produce statistical and supervisory reports. It is physically separate from any other external and internal ECB systems.

The breach came to light during regular maintenance work.

The ECB takes data security extremely seriously. We have informed the European Data Protection Supervisor about the breach. The ECB is taking the necessary steps to ensure that the website can safely resume operations.

For media queries, please contact Stefan Ruhkamp, tel.: +49 69 1344 5057.