Financial Services // Belgium
Hacker collective Rex Mundi allegedly stole 24,000 financial records from Belgian company AFC Kredieten.
If the loan business doesn't pony up by July 17, at 8pm, the group has threatened to publish every loan applicant record in its possession.
If Rex Mundi follows through, the extortion will mark the 18th time the blackmailers have revealed business data. According to the collective, “the companies we targeted have only one thing in common: mediocre IT security protocols or poorly-designed web applications".
The group said it informed the Antwerp-based company on July 13 of the breach.
As proof Rex Mundi successfully hacked the company, the group has already published some personal accounts and left a notice on the AFC Kredieten website.
AFC Kredieten has refused to comment beyond saying it will not negotiate.
“It appears the company feels no responsibility towards loan applicants whose data was stolen through the AFC Kredieten site – as they were not yet customers,” the Register reports.
When asked if customers had been informed, a company spokeswoman replied: "They are not our customers. They are applicants, we had not necessarily organised a loan for them yet. AFC Credits is the victim here. What that group did is illegal and writing about it would be against the law."
The group, which says it has no motivation other than to make money, claims it always gives victims the opportunity to “pay up to protect the data they failed to secure from getting released or refuse to pay to clean up their own mistakes. We automatically delete all of the stolen data once a full payment has been made.”