A group of unidentified hackers recently posted a document on Pastebin, addressed to the media, threatening to publish sensitive data from Elantis, the credit division of Belgium's Belfius Bank (formely Dexia Bank) if they don't receive approximately 150,000 Euros by Friday.
"While this could be called 'blackmail,' we prefer to think of it as an 'idiot tax' for leaving confidential data unprotected on a Web server," the hackers wrote. "The only question that remains now is this -- After they carelessly treated their clients' data, will Dexia act to prevent their clients' data from being published online, or is their clients' confidentiality worth less to them than EUR 150,000?"
"The data -- a sample of which has been posted in the message -- apparently includes loan applications featuring full names, job descriptions, ID card numbers, contact information and income details,' Finextra reports.
"The hackers contacted the bank via email last Friday, said Moniek Delvou, spokeswoman for Belfius Bank (formerly known as Dexia), Elantis' parent company," writes Computerworld's Loek Essers. "'We assume they possibly captured the data of 3,700 customers,' Delvou said, adding that the compromised data could belong to existing and potential customers. Elantis customers were informed of the data breach, according to Delvou. After finding out what happened the Elantis site was taken offline and the bank contacted the Belgian Federal High Tech Crime Unit which is now investigating the case, Delvou said."
"The bank says it will not pay blackmail, which is just as well as it seems the hackers didn’t give them any instructions as to how they were supposed to make the payment," DataBreaches.net reports. "It may well be that the hackers’ threat was just to call more attention to the bank’s lack of security for their data, but just making the threat could add years to any sentence if/when the hackers are caught."