The European Central Bank (ECB) shut down a website after it was hacked and infected with malicious software.
The ECB said no market-sensitive data was compromised during the attack on its Banks’ Integrated Reporting Dictionary (BIRD), which provides bankers with information on statistical and supervisory reports.
It added malware was injected to the server hosting the site, adding email addresses, names and titles of subscribers to the BIRD newsletter might have been stolen.
An ECB spokesman said the earliest evidence found of the attack dated back to December 2018, meaning it went undetected for months before being uncovered during maintenance work.
“The ECB is contacting people whose data may have been affected, the ECB said. “The breach succeeded in injecting malware onto the external server to aid phishing activities.”
Launched in 2015, BIRD is a joint initiative of the Eurosystem of Euro zone central banks and the banking industry. Participation is voluntary but its content is available to interested parties.
The ECB said BIRD was hosted by a third-party provider and separate from other ECB systems.
“Neither ECB internal systems nor market-sensitive data were affected,” the ECB said.