Hackers Attempt to Blackmail Belgian Credit Provider - Security - News & Reviews - eWeek.com | eWeek

Hackers Attempt to Blackmail Belgian Credit Provider

Écrit par
Brian Prince
Brian Prince
May 4, 2012
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Hackers are attempting to extort Belgian credit provider Elantis after claiming to have breached the company’s systems.

In a statement on Pastebin, the hackers threatened to publish customer information if the bank does not pay ‚¬150,000 (US$197,000) before today. According to reports, Elantis confirmed the data breach on Thursday, but is refusing to give in to the blackmail attempt.

The hackers say they have obtained log-in credentials and tables with online loan applications holding a variety of data, including names, job descriptions and income information. The hackers claimed the data was stored unencrypted on the company’s servers.

“While this could be called ‘blackmail,’ we prefer to think of it as an ‘idiot tax’ for leaving confidential data unprotected on a Web server,” the statement said.

The only question that remains now, the statement continued, €œis after they carelessly treated their clients’ data, will Dexia act to prevent their clients’ data from being published online, or is their clients’ confidentiality worth less to them than EUR 150,000?”

Belfius, the parent company that owns Elantis, told ZDNet UK today that it had informed the Federal Computer Crime Unit in Brussels as well as local police in Liege of the situation. Up to 3,700 customers and brokers may have been affected, and they have been informed of the probable breach, according to the bank.

“We say this is blackmail,” Belfius spokeswoman Moniek Delvou told ZDNet UK. “The ransom has to be paid today… We will not pay.”

The hackers initially sent Elantis an email last Friday telling the company they had possession of information about Elantis brokers and customers, and then demanded payment. Elantis responded by shutting down its servers, Delvou reportedly told ZDNet UK.

Mark Bower, vice president at data security firm Voltage Security, questioned why the confidential data was not encrypted.

“Financial institutions are under many data privacy regulations€”encryption being a requirement for making sure that in the event of a breach, the stolen data is actually useless to the hacker, which would have diffused a situation like this,” he said.

“Cases like this continue to raise awareness of the shortcomings of traditional infrastructure security in keeping sensitive data safe. The strategy should have been to protect the data end-to-end €¦ After a breach like this, the expensive and disruptive consequences are just starting and will continue for a long time, including extensive audits, remediation, loss of customer confidence, regulation fines and more,€ Bower said.

“The sad reality here is that the real victim is the bank’s customers, not the bank,” said Carole Theriault, senior security consultant at Sophos, in a blog post. “It is the customer data that is at risk. Their only fault was partnering with the wrong bank at the wrong time.”

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.