Rex Mundi surfaces with new hack claims (UPDATE2)

It looks like hacking group Rex Mundi may be back. And they seem to be dumping all of the Domino’s data they claimed to have hacked back in June, plus data allegedly from hacks of Thomas Cook Belgium, Finalease Car Credit, and Mensura.

In a paste describing their activities, they write that they stole “personal records belonging to hundreds of customers who have recently applied for a car loan. Those records include the full financial history, employment details and personal data of the applicants” for car loans at Finalease Car Credit.” They offer several customer records as proof of hack.

From Thomas Cook Belgium, they allege they “stole records related to this network of travel agencies’ business partners, namely their affiliates and affiliated agencies. We will release the entire data in our possession at a later date. In the meantime, here are the contents of the company’s affiliates listing…”

For Mensura, they provided a sample of absenteeism-related requests allegedly received by the organization.

DataBreaches.net is not linking to the paste nor the data dump because of the exposed consumer personal information. This site  e-mailed Finalease and Mensura last night to seek confirmation or denial of the claimed hacks, but has gotten no response. No attempt was made to contact Thomas Cook Belgium for lack of a contact e-mail for these purposes.

As a reminder, Domino’s did contact all customers about the breach Rex Mundi claimed in June, so it’s tempting to believe the new claims, but at this point, these are just claims without confirmation. Unlike previous claimed hacks, however, there doesn’t seem to be any extortion demand involved, and the group’s paste makes no mention of anything the firms can do to avoid having their data dumped. (see CORRECTION below)

CORRECTION AND UPDATE (11/16/14): A tweet by Rex Mundi suggests that they did attempt to extort money from Mensura before they dumped some of the data:

Update 2: A Belgian site reporting on the hack, reports, “De Federal Computer Crime Unit van de federale politie, die zich over de zaken buigt, raadt gehackte ondernemers af om met geld over de brug te komen,” which I’m told means that the Federal Computer Crime Unit is advising the businesses to pay the ransom (extortion). Amazing, if that’s true. Another site says that FFCU discourages paying ransom.  Note: a commenter points out that the translation I was given for the first source was incorrect, and that as I suspected, the FCCU was advising companies NOT to pay.

About the author: Dissent