The European Banking Authority’s email servers have been compromised in a global Microsoft Exchange cyber-attack.

The EU body said personal data may have been accessed from its servers. And it had pulled its entire email system offline while it assessed the damage.

“The EBA is working to identify what, if any, data was accessed,” it said.

Microsoft Exchange servers are widely used for email by major businesses and governments. But few organisations have yet admitted being hit by the attack.

What happened?

The cyber-attack had exploited a vulnerability in Microsoft’s Exchange email system – or sometimes used stolen passwords – to look like someone who should have access to the system, Microsoft said.

Then, it would take control of the email server remotely – and steal data from the network.

US officials warned at the weekend the attack remained an “active threat”.

“Everyone running these servers – government, private sector, academia – needs to act now to patch them,” White House press secretary Jan Psaki said.

Microsoft believes a Chinese state-sponsored attacker called Hafnium is behind the hack.

But China denies any involvement.

The US National Security Council said compromised companies needed to take further steps – and encouraged all organisations to identify whether they had been affected.