The attack is part of a widespread assault on organisations running Microsoft Exchange servers.
Microsoft has issued emergency patches, but many believe servers could have been backdoored by criminals.
The EBA says is has “swiftly launched a full investigation” in close cooperation with Microsoft, a team of forensic experts and “other relevant entities”.
It adds personal data through emails held on its services may have been obtained by the hackers.