Hackers blackmail Belgian bank with threats to publish customer data

The hackers call their €150,000 demand an "idiot tax" because the information was unencrypted on the bank's web server

Hackers claimed to have breached the systems of the Belgian credit provider Elantis and threatened to publish confidential customer information if the bank does not pay €150,000 (US$197,000) before Friday, May 4, they said in a statement posted to Pastebin. Elantis confirmed the data breach on Thursday, but the bank said it will not give in to extortion threats.

The hackers claim to have captured login credentials and tables with online loan applications which hold data such as full names, job descriptions, contact information, ID card numbers and income figures. They demanded a payment of "the equivalent of roughly €150,000", with which Elantis could prevent the publication of confidential customer information, they said in a Pastebin post published on Tuesday. According to the hackers the data was stored unprotected and unencrypted on the servers. To prove the hack, parts of what they claimed to be captured customer data were published.

"While this could be called 'blackmail,' we prefer to think of it as an 'idiot tax' for leaving confidential data unprotected on a Web server," they said.

The hackers contacted the bank via email last Friday, said Moniek Delvou, spokeswoman for Belfius Bank (formerly known as Dexia), Elantis' parent company. "We assume they possibly captured the data of 3,700 customers," Delvou said, adding that the compromised data could belong to existing and potential customers. Elantis customers were informed of the data breach, according to Delvou.

After finding out what happened the Elantis site was taken offline and the bank contacted the Belgian Federal High Tech Crime Unit which is now investigating the case, Delvou said. An unnamed specialized American security firm is also conducting an investigation, she added.

"We are not prepared to pay," Delvou said. "We don't like blackmail."

The hackers did not specify in what way Elantis should pay the €150,000, and after the email sent last Friday there has been no contact between the hackers and the bank, she said. Elantis plans to put its site back online when it is deemed secure enough, according to Delvou.

The Federal High Tech Crime Unit could not immediately comment on the pending investigation. The hackers could not be contacted.

Loek covers all things tech for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Loek Essers

IDG News Service

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?