The European Central Bank (ECB) has admitted that its website has been hacked, with unencrypted personal contact details stolen, including email and mailing addresses, as well as phone numbers.
However, internal systems were not breached, claimed the ECB in a statement, and "no market sensitive data [was] compromised".
The statement went on to say that the only part that was breached involved events, not market data, belonging to individuals who had signed up on the ECB's website to attend conferences, visits and summits. The hackers had cracked a database of some 20,000 addresses in the process.
"The database serves parts of the ECB website that gather registrations for events such as ECB conferences and visits. It is physically separate from any internal ECB systems," claimed the statement.
It continued: "The theft came to light after an anonymous email was sent to the ECB seeking financial compensation for the data. While most of the data were encrypted, parts of the database included email addresses, some street addresses and phone numbers that were not encrypted. The database also contains data on downloads from the ECB website in encrypted form."
Police in Frankfurt, Germany, where the ECB is based, are now investigating, while the ECB says that it will contact people affected directly to warn them. The Financial Times suggested that the hackers had planned to use the attack in an attempt to extort money from the organisation.
It is unclear how the breach took place, but the evidence indicates some form of SQL injection attack enabling the attackers to access a web-facing database.