Hackers blackmail Belgian bank with threats to publish customer data
The hackers call their demand an "idiot tax" because the information was unencrypted on the bank's web server
IDG News Service - Hackers claimed to have breached the systems of the Belgian credit provider Elantis and threatened to publish confidential customer information if the bank does not pay $197,000 before Friday, they said in a statement posted to Pastebin. Elantis confirmed the data breach Thursday, but the bank said it will not give in to extortion threats.
The hackers claim to have captured login credentials and tables with online loan applications which hold data such as full names, job descriptions, contact information, ID card numbers and income figures. They demanded a payment of "the equivalent of roughly 150,000 euros," with which Elantis could prevent the publication of confidential customer information, they said in a Pastebin post published on Tuesday. According to the hackers the data was stored unprotected and unencrypted on the servers. To prove the hack, parts of what they claimed to be captured customer data were published.
"While this could be called 'blackmail,' we prefer to think of it as an 'idiot tax' for leaving confidential data unprotected on a Web server," they said.
The hackers contacted the bank via email last Friday, said Moniek Delvou, spokeswoman for Belfius Bank (formerly known as Dexia), Elantis' parent company. "We assume they possibly captured the data of 3,700 customers," Delvou said, adding that the compromised data could belong to existing and potential customers. Elantis customers were informed of the data breach, according to Delvou.
After finding out what happened the Elantis site was taken offline and the bank contacted the Belgian Federal High Tech Crime Unit which is now investigating the case, Delvou said. An unnamed specialized American security firm is also conducting an investigation, she added.
"We are not prepared to pay," Delvou said. "We don't like blackmail."
The hackers did not specify in what way Elantis should pay the money, and after the email sent last Friday there has been no contact between the hackers and the bank, she said. Elantis plans to put its site back online when it is deemed secure enough, according to Delvou.
The Federal High Tech Crime Unit could not immediately comment on the pending investigation. The hackers could not be contacted.
Loek covers all things tech for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to email@example.com
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Infographic: Converged Infrastructure Benefits This Infographic quantifies the savings organizations are realizing from increased deployment speed, higher availability, and lower annual costs.
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- Going Paperless? Here's What You Need to Think About As makers of some of the world's most popular PDF solutions, we often consult with businesses & governmental agencies that have the goal...
- The Big Data Opportunity for HR and Finance If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
Enhance Your Virtualization Infrastructure With IBM and Vmware
Date: Wednesday, May 14, 2014, 1:00 PM EDT
Virtualization technology is now expanding beyond the server compute elements to encompass networking and storage...
Transforming Finance, Procurement and Supply Chain Effectiveness with Cross-Functional Analytics
Date: May 6th, 2014
Time: 1 PM EDT
Attend this Webcast to find out how Oracle's packaged analytic applications enable line-of-business managers to examine all...
All Cybercrime and Hacking White Papers |