Data Breach During Sale of 2-Euro Coin in Cyprus: How to Avoid Server Crashes
By Sebastian Wieschowski
A small eurozone country and a 2-euro commemorative coin with a small mintage – this combination has repeatedly triggered technical chaos and collector frustration in recent years. However, particularly popular issuing countries like Monaco, Croatia, or Portugal have upgraded their systems in recent years and prepared their online shops for a rush of buyers – with additional server capacity or virtual waiting rooms.
Content
The object of desire – and frustration: Cyprus issued a 2-euro commemorative coin available only in proof quality with a mini-mintage – reminiscent of Monaco. Photo: Central Bank of Cyprus
The Central Bank of Cyprus did not adopt these measures when it launched the sale of its new 2-euro coin commemorating the 20th anniversary of EU membership in late November 2024. It was clear early on that demand would be high – the coin was available exclusively in a collector’s edition in proof quality with a mini-mintage of 7,000 pieces, making it more than twice as rare as the 2-euro commemorative coins from Monaco. These coins have reliably soared from an issue price of around €100 to around €300 to €400 in recent years. So, what might happen with a coin whose mintage is more than halved and is sold for just €20?
Mini-Mintage Meets Record Demand
This could already be seen on the morning of 26 November from 6:30 a.m. Across Europe, tens of thousands of collectors were apparently waiting in front of their computers; some had, according to posts in online forums and Facebook groups, skipped work or even school to try to grab a coin at the official start of sales at 7:30 a.m. But what they saw was: nothing. The eShop of the Bank of Cyprus was unreachable for hours. It was only around noon that the user interface became temporarily visible again, but without any login or ordering options.
Apology for Any Inconvenience
Shortly afterward, the “Numismatic Service Team” issued a statement on the central bank’s website: “Due to a technical problem, the e-shop of the Central Bank of Cyprus is currently out of service. We assure you that we are making every possible effort to resolve the problem as soon as possible. We apologise for the inconvenience, and we thank you for your understanding.”
Data Protection Issue: German Collectors See International Buyers’ Data
By 1:15 p.m., the shop was finally back online – but those attempting to place an order could hardly believe their eyes: the 2-euro coin was still not listed in the shop. Instead, buyers found themselves viewing the data of random customers of the numismatic shop instead of their own accounts. For instance, the author of this article was involuntarily logged in under the name of a Serbian amateur football goalkeeper. A similar phenomenon was widely described in Facebook groups, where buyers were able to freely access the user data of other accounts.
Our editorial team member was involuntarily logged in as a Serbian amateur football goalkeeper during the order attempt. In this screenshot, the real name has been blurred. Photo: Wieschowski.
Buyers Discover a Backdoor – but the Central Bank Strikes Back
Since nothing had improved by late afternoon, some online users discovered a trick: one only needed to enter the web address (URL) for another currently available product from the online shop of the Central Bank of Cyprus and then replace the product ID in the long and cryptic code. No sooner said than done – and indeed, with this method, the coveted 2-euro coin, which was already being auctioned for several hundred euros, ended up in the shopping cart of some clever buyers. But shortly afterward came a sobering email from the central bank:
“Can you please advise where did you find the item in our e-shop to add it to your basket?”
Bad luck: Many collectors tried to obtain the sought-after coin through detours, but the sales team quickly discovered the backdoor. Photo: Wieschowski.
By the end of the day, many frustrated 2-euro collectors were left empty-handed, while others now fear that their orders may later be declared invalid. Whether the Central Bank of Cyprus will make another attempt is uncertain – meanwhile, the coins were also available on-site at the central bank in Nicosia, and some collectors reportedly waited up to six hours to get a coin. For them, the wait was worth it: the coin is currently being sold in online auctions for around €700.
Meanwhile, the online shop of the Central Bank of Cyprus remains inaccessible. In response to an inquiry from Coins Weekly, the Central Bank issued the following statement:
“As previously mentioned, we are aware of the technical issues encountered during the online sale of the 2-euro coin and are conducting a thorough investigation. We take these matters very seriously and are doing everything possible to resolve them. A significant quantity of this coin remains available, and details of the revised procedure for the online sale will be announced shortly on our website. Given your particular interest in the 2-euro coin, we will inform you accordingly. Please rest assured that a thorough review of all aspects is our highest priority as we strive to provide the best possible service to collectors and the public.”
However, the Central Bank did not comment on the data protection issue.
Reasons for a Server Crash
Why do server crashes sometimes occur during the sale of sought-after euro collector coins? Several reasons are conceivable:
- Server Overload: When the number of simultaneous accesses exceeds server capacity, delays or complete failures can occur. Shops are often optimised for normal traffic, not sudden spikes.
- Lack of Scalability: Many online shops use hosting solutions that cannot flexibly respond to growing demands, causing the infrastructure to reach its limits during a surge.
- Unprepared Databases: Large query volumes can slow down or block database access. This is particularly problematic when multiple users simultaneously try to retrieve information such as inventory or payment data.
- Programming Vulnerabilities: Non-optimised scripts, unnecessary database queries, or inefficient processes can prolong loading times and negatively impact user experience.
Strategies for a Smooth Coin Sale
Other mints have already responded to the challenge of a virtual order rush. A widely adopted solution in numismatics is so-called “queue management.” Virtual queues direct traffic in a controlled manner, preventing all users from accessing the shop simultaneously. Users are informed how long they will have to wait before it is their turn. This procedure has proven successful, for example, during Monaco’s annual 2-euro coin sales.
In addition, some mints have adopted cloud-based infrastructures or so-called Content Delivery Networks (CDNs): cloud solutions allow server capacity to be automatically scaled as needed, preventing systems from being overwhelmed by sudden traffic spikes. CDNs ease the load on the main server by distributing content such as images or scripts through a global network. As a result, the load on the online shop’s server is reduced. And if these solutions are too expensive or complicated, the good old “pre-sale” or advance reservation still works just as well.
