Hackers hold Belgian bank to ransom

Powered by SC Magazine
 

Ransom refused: 'We don't like blackmail'.

A group that hacked into the credit division of a European bank is demanding payment to not release customer data.

In a Pastebin statement, it said it downloaded extensive confidential customer information from Elantis, a Belgian credit provider owned by Dexia, last week.

This included data such as internal login credentials, online loan applications and fully processed applications, and featured "applicants' full names, their jobs, ID card numbers, contact information and details about their income.

It is worth pointing out that this data was left unprotected and unencrypted on Elantis's servers”, the group said.

It said it contacted Dexia "to offer them not to publicly release this data over the internet if they agreed to pay us the equivalent of roughly €150,000 ($A192,000)".

The deadline has passed without the ransom paid.

“While this could be called ‘blackmail', we prefer to think of it as an ‘idiot tax' for leaving confidential data unprotected on a web server,” it said.

Corero Network Security vice-president Ashley Stephenson said the incident demonstrated the need for organisations to proactively prepare for cyber attacks.

"The alleged ransom of €150,000 is almost immaterial compared with the commercial impact on the reputation of the bank by it having to admit to the security breach."

“The cost of the breach will only get worse if customer data is actually released and exploited by cyber criminals. Whether or not the bank chooses to pay the ransom, the damage is already done.”

Belfius Bank (formerly Dexia) spokeswoman Moniek Delvou told PCWorld the compromised data could involve 3700 potential and existing customers.

She said customers were informed of the data breach and the Elantis site was taken offline; the Belgian Federal High Tech Crime Unit and an American security firm are conducting an investigation, she added.

“We are not prepared to pay. We don't like blackmail,” Delvou said.

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition


Hackers hold Belgian bank to ransom
 
 
 
Top Stories
NBN Co names first 140 FTTN sites
National trial extended.
 
Cloud, big data propel bank CISOs into the boardroom
And this time, they are welcome.
 
Photos: A tour of CommBank's new innovation lab
Oculus Rift, Kinect and more.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  23%
 
End user computing (desktops, mobiles, apps)
  12%
 
Software development
  27%
TOTAL VOTES: 225

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  63%
 
No
  37%
TOTAL VOTES: 67

Vote