Last Updated on August 7, 2015

Last week I stumbled upon several posts (which some keep on sharing) about a mysterious cyber attack against the European Central Bank, allegedly notified on July, the 24th, 2014. All these sources, which I prefer not to report for courtesy reasons (but you can find them pretty easily), have in common an (old) statement from the European institution itself: a few lines that provide some scant additional details about the phantom cyber attack and also outline an extortion attempt:

  • Email addresses and contact data stolen from public ECB website

  • Theft was from database that is separate from any internal system

  • No market sensitive data compromised

The European Central Bank (ECB) said on Thursday there had been a breach of the security protecting a database serving its public website. This led to the theft of email addresses and other contact data left by people registering for events at the ECB.

No internal systems or market sensitive data were compromised. The database serves parts of the ECB website that gather registrations for events such as ECB conferences and visits. It is physically separate from any internal ECB systems.

The theft came to light after an anonymous email was sent to the ECB seeking financial compensation for the data {….}

A single number can change many things, most of all after a superficial reading. So if the statement is reported “as is”, and its date is not even read completely, it turns out that this attack was definitely notified by the ECB on July, the 24th, but unfortunately it was more than one year ago: July 24, 2015!

I understand that reporting breaches is useful to raise awareness (and, for some, also useful to promote security services), but please check the accuracy of the source (and the accuracy of the date) before crying wolf! The real breaches are already enough!

