European Central Bank reports data breach of public website

The European Central Bank on Thursday reported a breach of its public website, saying it learned about the event after getting an anonymous email seeking financial compensation for the stolen data.

The Frankfurt, Germany-based bank said in a statement that the security protecting a database serving its public website was breached, leading to the theft of email addresses and other contact data left by people who had registered for bank events.

The bank said no internal systems or market-sensitive data was compromised. It said the database involved serves parts of its website that gather registrations for events such as its conference and visits, and that it is physically separate from any internal systems.

The bank said the theft first came to light when it received an anonymous email seeking financial compensation for the data. It said while most of the data was encrypted, parts of the database included email addresses, some street addresses and phone numbers were not. The database also contains data on downloads from the bank’s website in encrypted form, the statement said.

The bank said it is contacting people whose email addresses or other data might have been compromised, and all passwords have been changed on the system as a precaution.

German police have been informed of the theft, and an investigation has started, the bank said, while its own security experts are addressing the vulnerability as well.