Credit company hackers' ransom goes unpaid
A European credit company targeted by computer hackers has reportedly ignored demands for 150,000 Euros in ransom money to protect its customers' details.
Belgian credit provider Elantis has been warned by an unknown hacking group that, unless the ransom money is paid, its customers' confidential information will be published on the internet.
In a statement on text sharing website Pastebin, the group claimed to have obtained personal information belonging to customers that had applied for one of the company’s loans.
The group said they downloaded the details by hacking into Elantis’ servers, and claim the data was unencrypted.
This could be called blackmail. We prefer to think of it as an idiot tax.
“While this could be called ‘blackmail’, we prefer to think of it as an ‘idiot tax’ for leaving confidential data unprotected on a web server,” said the group in its Pastebin entry.
“After they carelessly treated their clients’ data, [the question now is] will Dexia act to prevent [this] data from being published online, or is their clients’ confidentiality worth less than 150,000 Euros?”
The post also states that Elantis, which is owned by Belgian banking firm Dexia, was given until last Friday to stump up the money. However, the firm is understood to have missed this deadline.
Etlantis had not responded to IT Pro’s request for comment at the time of writing.
Meanwhile, Carole Theriault, head of Sophos’ Naked Security blog, said the credit company’s customers stand to lose the most from this leak.
“I have no problem with third-parties contacting legitimate sites to alert them to network insecurities,” she said in a post on the security vendor’s website.
“And I also get that this threat of pushing out customer data is an embarrassing one for the banks. But, doesn't the simple act of blackmailing lower you to [the] yuckiest [of] societal rungs?”