Last week a group of hackers accessed the servers of Elantis, a mortgage and consumer credit unit of the Belgium-based Dexia bank (recently rebranded as ‘Belfius’). According to their Pastebin announcement , the hackers downloaded “database tables containing data such as internal login credentials” and “numerous tables which contain Internet loan applications, as well as fully-processed applications.”
Getting hacked is now an occupational hazard for any website, and many security experts say that once targeted, it is inevitable. However, what will concern regulators is the hackers’ claim that “this data was left unprotected and unencrypted on Elantis' servers.” The hackers are demanding payment of ‘the equivalent of roughly €150,000’ before tomorrow, Friday 4th May.
Belfius has not denied the breach, but stresses that the Elantis servers (taken off-line by the bank following the breach) are separate to the Belfius bank servers. In a statement to Reuters, spokeswoman Monique Delvou said the data concerned was information entered by individuals or brokers seeking mortgages or consumer credit. She says the information cannot be used to commit fraud, although the claims of the hackers, and sample posted by them, suggests they have obtained full names, email addresses, job descriptions, ID card numbers, contact information and income details.
Belfius states that it will not respond to blackmail, and that it has filed a complaint with the police. ‘People whose data was possibly seen will receive a letter with information and our apologies,’ said Delvou.