Hackers claimed to have breached the systems of the Belgian credit provider Elantis and threatened to publish confidential customer information if the bank does not pay
The hackers claim to have captured login credentials and tables with online loan applications which hold data such as full names, job descriptions, contact information, ID card numbers and income figures. They demanded a payment of "the equivalent of roughly
"While this could be called 'blackmail,' we prefer to think of it as an 'idiot tax' for leaving confidential data unprotected on a Web server," they said.
The hackers contacted the bank via email last Friday, said Moniek Delvou, spokeswoman for Belfius Bank (formerly known as Dexia), Elantis' parent company. "We assume they possibly captured the data of 3,700 customers," Delvou said, adding that the compromised data could belong to existing and potential customers. Elantis customers were informed of the data breach, according to Delvou.
After finding out what happened the Elantis site was taken offline and the bank contacted the Belgian Federal High Tech Crime Unit which is now investigating the case, Delvou said. An unnamed specialized American security firm is also conducting an investigation, she added.
"We are not prepared to pay," Delvou said. "We don't like blackmail."
The hackers did not specify in what way Elantis should pay the
The Federal High Tech Crime Unit could not immediately comment on the pending investigation. The hackers could not be contacted.
Loek covers all things tech for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com