Hackers target ECB’s BIRD website; steal personal data of subscribers

The European Central Bank (ECB) announced on Thursday that unknown hackers recently infiltrated one of its websites and stole names, addresses, and position titles of 481 subscribers of its Banks’ Integrated Reporting Dictionary (BIRD) newsletter.

In a press release, ECB said that hackers infiltrated the BIRD website after injecting malware onto the external server to aid phishing activities. It is unclear when exactly the intrusion took place, but ECB claims that the breach was detected during regular maintenance work.

Fortunately, the BIRD website is physically separate from other external or internal ECB systems and therefore, its breach did not impact the organisation’s IT infrastructure. The website was managed by a vendor and was used to provide the banking industry with details on how to produce statistical and supervisory reports. Following the discovery of the breach, ECB has shut the website down until further notice to take corrective measures.

“The breach and its consequences are minuscule compared to most of the other breaches that have occurred in 2019. However, the nature of the breach and the time it took to detect it are quite alarming. The question is how many more breaches of ECB and its externalized systems have not yet been discovered, and what will the impact be?” asked Ilia Kolochenko, founder and CEO of ImmuniWeb.

Error by third-party vendor impacting security credentials of ECB

“Third-parties with unknown volumes of sensitive data are the Achilles’ Heel of holistic cybersecurity. Organisations should ensure comprehensive visibility and up-to-date inventory of their digital assets, as you cannot protect what you can’t see.

“Third-party risk management, including verification of how they enforce applicable data protection policies, is another vital though widely ignored task. Finally, continuous security monitoring should be implemented for all public-facing web applications hosted internally, externally or in the cloud,” he added.

In October last year, the Financial Conduct Authority (FCA) issued a fine of £16,400,000 to Tesco Bank for failing to prevent a data breach in November 2016 that resulted in the loss of £2.26 million of customers’ money.

The financial watchdog said in a statement that deficiencies in Tesco Bank’s design of its debit card, in its financial crime controls, and in its Financial Crime Operations Team as well as a series of errors committed by the bank after the breach was detected resulted in customers losing millions.

The FCA concluded that because of such errors, the breach caused inconvenience and distress to a large proportion of Tesco Bank’s debit card customers, resulted in 668 unpaid direct debits on customers’ accounts, stopped customers from carrying out their banking activities for over 48 hours, and also resulted in hackers netting £2.26 million from Tesco Bank’s personal customer accounts.

Copyright Lyonsdown Limited 2021
