Hackers say they have broken into Elantis, a Belgian credit provider owned by Dexia, and demand payment of €150,000 (US$197,000).
If Elantis doesn't pay up before tomorrow (May 4), say the hackers, they will publish confidential customer information, reports PCWorld.
According to Softpedia, the hackers have stated the following:
"In addition to database tables containing data such as internal login credentials, we downloaded numerous tables which contain Internet loan applications, as well as fully-processed applications. Those tables hold highly-sensitive data such as the applicants' full names, their jobs, ID card numbers, contact information and details about their income"
The bank confirmed the data breach on Thursday, though it stated that it will not give in to extortion threats.
Softpedia quote the hackers, "While this could be called 'blackmail,' we prefer to think of it as an 'idiot tax' for leaving confidential data unprotected on a Web server."
Now, I have no problem with third-parties contacting legitimate sites to alert them to network insecurities. Improving security is a good thing, and there are a lot of sites out there harbouring vulnerabilities and less-than-ideal security measures.
And I also get that this threat of pushing out customer data is an embarrassing one for the banks. But, doesn't the simple act of blackmailing lower you to yuckiest societal rungs?
The sad reality here is that the real victim is the bank's customers, not the bank. It is the customer data that is at risk. Their only fault was partnering with the wrong bank at the wrong time.
The bank has told the press that they are not prepared to pay. That they don't like blackmail.
Let's hope that whatever the outcome of this scenario, Elantis likes security and will address its security deficiencies. And they also better figure out a way to make it up to their customers whose identities are currently at risk.