Hackers claimed that they have managed to gain unauthorized access to the servers of Elantis, a Belgian credit card provider owned by Dexia. Hackers demand that the bank pay them €150,000 (US$197,000) before May 4, or they will make the customer data they obtained public.
Hackers also leaked sample data from Elantis’ database, including loan applications featuring full names, job descriptions, ID card numbers, contact information and income details in order to prove the unauthorized access.
“In addition to database tables containing data such as internal login credentials, we downloaded numerous tables which contain Internet loan applications, as well as fully-processed applications. Those tables hold highly-sensitive data such as the applicants' full names, their jobs, ID card numbers, contact information and details about their income,”Hackers said in the pastebin release.
The hackers claimed that this is not blackmail. Instead, the bank has to pay what they call an “idiot tax” for leaving sensitive data unprotected on a web server.
“The only question that remains now is this -- After they carelessly treated their clients' data, will Dexia act to prevent their clients' data from being published online, or is their clients' confidentiality worth less to them than EUR 150,000?” Hackers explained.
The Elantis Web site is currently unavailable after the bank disconnected its server in the wake of the attack.
Dexia has yet to respond to a request for comment but a spokeswoman told Reuters (Dutch language) that Elantis will not give in to blackmail, the police have been called in and any data stolen could not be used to commit fraud.
Hackers also leaked sample data from Elantis’ database, including loan applications featuring full names, job descriptions, ID card numbers, contact information and income details in order to prove the unauthorized access.
“In addition to database tables containing data such as internal login credentials, we downloaded numerous tables which contain Internet loan applications, as well as fully-processed applications. Those tables hold highly-sensitive data such as the applicants' full names, their jobs, ID card numbers, contact information and details about their income,”Hackers said in the pastebin release.
The hackers claimed that this is not blackmail. Instead, the bank has to pay what they call an “idiot tax” for leaving sensitive data unprotected on a web server.
“The only question that remains now is this -- After they carelessly treated their clients' data, will Dexia act to prevent their clients' data from being published online, or is their clients' confidentiality worth less to them than EUR 150,000?” Hackers explained.
The Elantis Web site is currently unavailable after the bank disconnected its server in the wake of the attack.
Dexia has yet to respond to a request for comment but a spokeswoman told Reuters (Dutch language) that Elantis will not give in to blackmail, the police have been called in and any data stolen could not be used to commit fraud.