Belgian bank blackmailed by hackers threatening to expose customer data

Filed Under: Data loss, Law & order, Vulnerability

bag_full_of_moneyHackers say they have broken into Elantis, a Belgian credit provider owned by Dexia, and demand payment of €150,000 (US$197,000).

If Elantis doesn't pay up before tomorrow (May 4), say the hackers, they will publish confidential customer information, reports PCWorld.

According to Softpedia, the hackers have stated the following:

"In addition to database tables containing data such as internal login credentials, we downloaded numerous tables which contain Internet loan applications, as well as fully-processed applications. Those tables hold highly-sensitive data such as the applicants' full names, their jobs, ID card numbers, contact information and details about their income"

The bank confirmed the data breach on Thursday, though it stated that it will not give in to extortion threats.
blackmail wordle

Softpedia quote the hackers, "While this could be called 'blackmail,' we prefer to think of it as an 'idiot tax' for leaving confidential data unprotected on a Web server."

Now, I have no problem with third-parties contacting legitimate sites to alert them to network insecurities. Improving security is a good thing, and there are a lot of sites out there harbouring vulnerabilities and less-than-ideal security measures.

And I also get that this threat of pushing out customer data is an embarrassing one for the banks. But, doesn't the simple act of blackmailing lower you to yuckiest societal rungs?

The sad reality here is that the real victim is the bank's customers, not the bank. It is the customer data that is at risk. Their only fault was partnering with the wrong bank at the wrong time.

The bank has told the press that they are not prepared to pay. That they don't like blackmail.

Let's hope that whatever the outcome of this scenario, Elantis likes security and will address its security deficiencies. And they also better figure out a way to make it up to their customers whose identities are currently at risk.

Briefcase full of money image courtesy of Shutterstock
wordle image courtesy of Shutterstock

, , , , , ,

You might like

3 Responses to Belgian bank blackmailed by hackers threatening to expose customer data

  1. T. Anne · 1251 days ago

    Instead of just posting all the confidential data on the web for just anyone to use... which is the easiest thing to do... that's just hurting the customers. So I think they should contact each of the customers they have info on (if they have address or email type contact info) and let them know their info have been lost by the bank... if everyone pulls out their money or starts complaining - maybe then the bank will do something.

    Yes, if I was contacted with someone who could tell me all my info that is not freely shared I'd be up in arms, and the bank would not only be losing my business but paying for identity protection as well.

  2. sem3bash · 1250 days ago

    I think they will not publicize this information. They should use it instead.

  3. Kevin · 1250 days ago

    That would be quite the clever move; contacting the customers and let them know what happened and they withdraw everything and bank collapses?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Hi. I am a social, brand and communications expert with 10 years in senior roles in the tech space. I'm currently Sophos' s Global Director of Social Media and Communities. Proudest work achievement? Creating and launching award-winning Naked Security. Outside work, I am a mean cook, an avid reader, a chronic insomniac, a podcast obsessive and blogger .