Hackers had access for months to the contact information of hundreds of financial industry subscribers to a European Central Bank newsletter, the Frankfurt institution said Thursday.
“Unauthorised parties… breached the security measures protecting (the ECB’s) Banks’ Integrated Reporting Dictionary (BIRD) website,” the bank said in a statement.
“It was possible that the contact data of 481 subscribers to the BIRD newsletter may have been captured,” the ECB added, saying email addresses, names and positions were potentially leaked.
An ECB spokesman told AFP the hackers had been present in the BIRD system since at least December last year, which only “came to light during regular maintenance work”.
BIRD is a service coordinated by the central bank’s supervision arm, which oversees over 100 of the biggest and most important lenders in the 19 eurozone countries.
The website supports banks in gathering and organising information for submission to ECB supervisory teams.
Private lenders and eurozone national central banks work together to hash out the data and processing rules needed to meet regulatory reporting requirements, which have grown in complexity since the financial crisis and the ECB’s taking over supervision in 2014.
The ECB said that while the hackers did not have access to sensitive information like passwords, it was contacting people potentially affected to let them know.
Since the website was run on an external server separate from other ECB computers, “neither ECB internal systems nor market-sensitive data were affected,” the bank said.