The European Central Bank (ECB) admitted Thursday that a security breach has led to the theft of personal data.
The central bank for the euro announced that a database linked to its public website has been compromised, resulting in the theft of personal data related to people registering for events at the ECB via the organization's website.
A cybercriminal was able to penetrate a database storing details of people who had registered for conferences, visits and other events, but the database is physically separate from internal ECB systems. According to the ECB, "no internal systems or market sensitive data were compromised," however email addresses, physical addresses and phone numbers were stolen.
The ECB said most of the data was encrypted, but the contact information of registrants was not. According to the BBC, approximately 20,000 email addresses and a smaller number of phone numbers and physical addresses were lifted. Also stolen, in encrypted form, was "data on downloads from the ECB website."
The theft came to light after an anonymous email was sent to the ECB demanding money in exchange for the data.
The organization is now contacting people whose email addresses or other data might have been compromised, all passwords have been changed on the system as a precautionary measure, and ECB security staff have addressed the vulnerability responsible.
"The ECB takes data security extremely seriously," the organization said. "German police have been informed of the theft and an investigation has started."