The European Central Bank web site was hacked by an unknown group of malicious actors who were able to exfiltrate data from a conference database:
In the statement released by the ECB it states it was unaware of the attack until it was contact by an anonymous party claiming to be behind the attack. The anonymous contact then proceeded to try to extort the bank, threatening to publish the compromised data unless the bank met their demands. The ECB refused to meet the demands and is in the process of contacting the individuals affected and resetting the passwords for all users on the system.
According to the ECB’s website it “is responsible for the prudential supervision of credit institutions located in the euro area and participating non-euro area Member States, within the Single Supervisory Mechanism, which also comprises the national competent authorities.” While the ECB states no market data or internal systems were compromised by the breach it is no doubt embarrassing for an institution of this stature to become victim to such an attack.
The ECB have assured all those affected that its security experts have identified and addressed the vulnerability that led to the compromise. The ECB is also working with German police to try and track down those responsible for the attack.
If they have such poor security practices for their public facing web site I wonder how well their internal network is protected.