Loan application data held by AFC Kredieten hacked by Rex Mundi, company responds: Meh, not our customers
Jennifer Baker reports:
Hacker collective Rex Mundi has stolen 24,000 financial records from Belgian loan company AFC Kredieten, it claims, and if the company doesn’t pay up before Friday at 8pm, it will publish every loan applicant record in its possession.
As proof that they have successfully hacked the company, Rex Mundi has already published some personal accounts and left a banner notification on the AFC Kredieten website.
As of the time of this posting, their home page is gone and replaced with a default Plesk page.
AFC Kredieten needs a serious attitude adjustment, it seems, as they appear to consider only themselves the victim and did not express any concern for those who provided their details in the hopes of securing loans. Baker reports:
A spokeswoman for AFC Kredieten, when asked if customers whose data had been stolen had been informed, replied: “They are not our customers. They are applicants, we had not necessarily organised a loan for them yet. AFC Credits is the victim here. What that group did is illegal and writing about it would be against the law.”
She also said that there would not be any reputational damage to the company if the records were published.
Read more on The Register.
“Writing about it would be against the law?” I’m calling bullshit on that, oh unnamed spokeswoman. Come after me if you think otherwise. And if you think your company’s reputation can’t be harmed by bad press or outrage on Twitter, think again.
In the meantime, this is not the first Belgian entity Rex Mundi has gone after. Has the Belgian Privacy Commission done anything to any of the companies with inadequate security that Rex Mundi has exposed?