Scam emails asked users of the registries to log on to a website and disclose their user identification code and password.
Some fraudulent transactions were carried out but the security of the Community Registry and the Community Independent Transaction Log was not compromised.
The widespread ‘phishing’ attack on users of EU ETS registries took place on 28 January.
Alerted by The Netherlands and Norway, the Commission informed all EU member states and asked them to take appropriate security measures immediately.
Although member states reacted promptly, a limited number of fraudulent transactions were performed, as the website used the European Commission’s visual identity and appeared genuine.
The Commission is actively supporting member states in their investigations of these transactions.
The Commission also started immediate investigations of the offending website and is working on closing it permanently.
In the light of the attack, the Commission intends to review the ETS registries’ security measures and will prepare revised security guidelines, as well as an action plan for possible future incidents.
This follows the proposed new legislative security measures to prepare for the inclusion of the aviation sector in the Community Registry in 2012.