“There had been a breach of the security protecting a database serving its public website,” ECB said in astatement on Thursday. “This led to the theft of email addresses and other contact data left by people registering for events at the ECB.”
Around 20,000 email addresses were stolen, according to media reports.
The hacked database serves the public website and gathers registrations for conferences and other visits. It is “physically separate from any internal ECB systems.”
The bank was not aware of the theft, and only found out about the stolen data after the perpetrator sent an anonymous email, demanding a reward in exchange for the information.
The ECB refused to go along with the scheme and did not reveal how much money was requested.
The majority of the stolen information was encrypted, such as data on downloads from the ECB website. But personal information, such as email addresses, phone numbers, and home addresses were not protected by an encryption.
The bank will contact people whose data might have been stolen. Meanwhile, “all passwords have been changed on the system as a precaution” and “security experts have addressed the vulnerability.”
The cyber attack did not compromise internal systems or market sensitive data, according to the statement.
German police have opened an investigation into the matter.