A group of hackers have released a statement in which they claimed to broken into servers of Elantis, a Belgian credit provider owned by Dexia. They also demanded that the bank pay 150,000 EUR ($196,000) before May 4 of they will leak all the customers data.
“In addition to database tables containing data such as internal login credentials, we downloaded numerous tables which contain Internet loan applications, as well as fully-processed applications. Those tables hold highly-sensitive data such as the applicants’ full names, their jobs, ID card numbers, contact information and details about their income,” Hackers posted online.
Hackers also claim that they are not blackmailing anyone. They are just demanding an “idiot tax” from bank for leaving secure data unprotected on the company server.
“It is worth pointing out that this data was left unprotected and unencrypted on Elantis’ servers,” hacker says the statement, adding: “While this could be called ‘blackmail,’ we prefer to think of it as an ‘idiot tax’ for leaving confidential data unprotected on a Web server.”
“The only question that remains now is this — After they carelessly treated their clients’ data, will Dexia act to prevent their clients’ data from being published online, or is their clients’ confidentiality worth less to them than EUR 150,000?” they added.
They have also posted a small part of obtained data to prove that their claim is not just a statement. Hacker also claimed that Elantis took down its public-facing website after the breach which is also correct and website is still offline.
Bank also confirms data breach and said that they are investigating the incident. The bank has told the press that they are not prepared to pay. That they don’t like blackmail.