Few would’ve dreamt that the European Central Bank’s (ECB) records were at risk of being hacked. But just a few days ago, the ECB admitted that hackers had indeed penetrated its security and accessed the Banks’ Integrated Reporting Dictionary (BIRD) website.
It’s not clear yet who was behind the attack. The ECB refused to name the attackers and only referred to the criminals as ‘unauthorised parties’.
What exactly were the hackers after?
Data is a very sought-after commodity and there are lots of things that criminals can do with valuable data that they access illegally. Committing fraud with the data or impersonating the victim is a common tactic.
The ECB admitted that the contact data (but not the passwords) of some 481 subscribers to the BIRD newsletter were potentially accessed.
Effectively, email addresses, names and position titles of subscribers may have been compromised. The ECB said that it will be contacting those whose data it believed had been affected by the breach and that it would shut down the affected site.
The ECB has since also given assurances that the European Data Protection Supervisor had been informed about the breach.
The BIRD website provided an important service. The ECB explained that it provides the banking industry with details on how to produce statistical and supervisory reports. The hack came to light after some maintenance work was conducted.
The breach occurred after hackers succeeded in injecting malware onto the external server, and the ECB fears that the information could be used in phishing activities.
Phishing is the fraudulent practice where criminals pose as legitimate entities or individuals and send emails to unsuspecting victims. Some phishing emails are made to look so realistic that people are fooled into believing that the sender is a real person or company. This often leads to their personal information being stolen too – or worse, their money.
It’s not the first time that the ECB has suffered an attack of this nature. Five years ago, in July 2014, it announced the theft of contact information. On that occasion, it said the theft emerged after an anonymous email was sent to it asking for financial compensation in exchange for the data.
Are we all vulnerable?
The ECB does say in its statement that it takes data security extremely seriously. But this recent potential data breach does make some wonder whether it’s doing enough to avert attacks of this nature now and in the future.
But in asking this question are we not perhaps being too harsh? The ECB is, after all, not the only organisation to have suffered a breach recently.
Just typing ‘data breaches UK’ or simply ‘data breach’ into a search engine brings up a whole list of British and international companies that have been victims of cyber criminals, including Equifax, British Airways, Facebook, JP Morgan Chase and Uber.
Regulators have fined companies millions of dollars for failing to safeguard their data. However, we’re bound to see many such compromises in the future. It won’t be for the lack of trying to keep data secure.
Why? It’s clear that hackers are after access to data held by financial institutions or even companies that hold reams of customer data such as BA and Facebook. It’s going to be difficult to outsmart these hackers.
The only way to mitigate data breaches is to continue to invest in training and security and to hire the right expertise. This should be the case especially when we know we fall short of the expertise necessary within our own business. It’s no longer safe to say ‘it won’t happen to us’.