FRANKFURT (Reuters) - The European Central Bank (ECB) shut down one of its websites on Thursday after it was hacked and infected with malicious software.
The ECB said no market-sensitive data had been compromised during the attack on its Banks’ Integrated Reporting Dictionary (BIRD), which it uses to provide bankers with information on how to produce statistical and supervisory reports.
But it added malware had been injected on the server hosting the site, adding that the email addresses, names and titles of the subscribers of the BIRD newsletter might have been stolen.
An ECB spokesman added the earliest evidence found of the attack dated back to December 2018, meaning it had gone undetected for months before being uncovered during maintenance work.
“The ECB is contacting people whose data may have been affected, the ECB said. “The breach succeeded in injecting malware onto the external server to aid phishing activities.”
Launched in 2015, BIRD was a joint initiative of the Eurosystem of euro zone central banks and the banking industry. Participation in it was voluntary but its content was made available to all interested parties.
The ECB said BIRD was hosted by a third-party provider and was separate from any other ECB system.
“Neither ECB internal systems nor market-sensitive data were affected,” the ECB said.
Central banks from Malaysia to Ecuador have been targeted by hackers in recent years. One of the world’s biggest ever cyber heists took place in 2016 when fraudsters stole $81 million from the central bank of Bangladesh’s account at the New York Fed using fraudulent orders on the SWIFT payments system.
Reporting by Francesco Canepa; Editing by Kevin Liffey and David Holmes