The EBA had said in a statement on Sunday that it had taken its email systems offline as a precaution, noting that access to personal data held on servers “may have been obtained by the attacker”.