back to article Loan application data hacked, company responds: Meh, not our customers

Hacker collective Rex Mundi has stolen 24,000 financial records from Belgian loan company AFC Kredieten, it claims, and if the company doesn't pay up before Friday at 8pm, it will publish every loan applicant record in its possession. As proof that they have successfully hacked the company, Rex Mundi has already published some …

  1. Anonymous Coward
    FAIL

    AFC Kredieten

    So AFC Kredieten get hacked, but AFC Kredieten don't care as AFC Kredieten says they are not AFC Kredieten customers, yet AFC Kredieten were holding their information.

    Yet AFC Kredieten says it will not affect AFC Kredieten's credibilty.

    Well AFC Kredieten must have a really low credibility rating if they thing the gutter is a good place.

    1. Ben Tasker Silver badge

      Re: AFC Kredieten

      Well AFC Kredieten must have a really low credibility rating if they thing the gutter is a good place.

      Having just taken a look at their website and seen a Plesk default holding page, I think it's safe to say credibility is pretty low. Them using Plesk probably also answers 'how did they get in'.

      1. Triggerfish

        Re: AFC Kredieten

        Yes I have to say I saw this comment

        "She also said that there would not be any reputational damage to the company if the records were published."

        And thought I wouldn't touch you witha ten foot shitty bargepole.

  2. Hollerith 1

    It'll work

    AFC Kredieten is, as it were, Paris Hilton: what others would think is a hugely shaming and distressing calamity (in Ms Hilton's case, that video), AFC merely have to take with a shrug and a 'so what?' The evil consequences will be, what, exactly? Their current clients, who owe them only, can't desert them, and people will forget the kerfuffle in a few years. The hackers make money off of other companies' mediocre security and shame: these companies pay for silence. But if you have no shame, the hackers have gone to a lot of trouble for nothing. Lesson: try to target companies with mediocre security who still have shame. But if AFC reap no badness, you can bet shame will be evaporating from corporate minds like dew in the desert.

  3. Bob Dole (tm)
    WTF?

    Belgian law?

    I take it Belgian law is a little lax with regards to data reporting and responsibility for security breaches?

  4. nichomach
    Trollface

    "What that group did is illegal and writing about it would be against the law."

    Yeah...that law probably doesn't say what you think it does...

  5. Anonymous Coward
    Anonymous Coward

    One more reason...

    ...to execute all hackers.

    1. Mark 85 Silver badge

      Re: One more reason...

      And the c-suite of companies like this.....

  6. Ken Moorhouse Silver badge

    Ex-Applicants

    Ex-Applicants now.

    Actually will their competitors be writing to these "applicants" to ask: "are you looking for a loan? We can help."

  7. zen1

    dear reg

    you guys need to introduce a new icon, might I suggest a douche bag, just for companies like AFC Kredieten. What they're doing is unconscionable to say the very least. While they may be right on the thinnest of technicalities they do have the ethical obligation to protect potential customers personal data every bit as much as registered customers. Granted I'm probably preaching to a large choir, but the ass bag who told the spokes weaselette to basically say "fuck 'em, they're not our customers yet" should be fired and have charges filed against him or her. Therefore, I submit to the editors and management of el reg, an official request for a D-Bag icon.

    1. tony2heads

      Re: dear reg

      also needed for:

      SCO

      Prenda Law

      any other contenders?

  8. iLuddite

    customer or not

    The company accepted, required, confidential information. If it was shown that security was lax, I expect "not my problem" to fail.

  9. Ole Juul

    "What that group did is illegal . . ."

    You just tell them that and I'm sure they'll stop.

    1. Richard Boyce

      Re: "What that group did is illegal . . ."

      ... and I'm sure they'll delete the data upon payment too.

  10. Anonymous Coward
    Anonymous Coward

    In Australia...

    In Australia, by law financial institutions have to comply with a fair quantity of regulations and IT practises (including security, backups, verified DR). If they don't, and there are large fines involved and parts of the failure can go on the public record.

    If Belgian financial institutions have similar regulations... AFC Kredieten could be in for a tougher time than they think.

    1. Sven Coenye

      In Belgium...

      If the powers that be behind AFC have sufficient money, they can drag the case out for 30 years.

      Most jurisdictions know the concept of "appearance of impropriety". In Belgium, that means a judge who is suspected of falsifying documents and passing on insider information about the cases before her can keep trucking for another 4 years.

      AFC Kredieten will do just fine...

      Incidentally, their motto is "safe, discreet and advantageous borrowing" :-/

      1. Steve Davies 3 Silver badge
        Black Helicopters

        Re: In Belgium...

        AFC are in danger of 'doing a Ratner' to their company.

        Their actions clearly indicate that the top nobs think that their jobs are safe so to hell with a little data leak.

        But to us mere mortals it is different. The 'I don't give a shit' attitude of the top bosses tells us that we shouldn't give a shit about their company and take our business elsewhere pronto.

  11. paulf Silver badge
    Pirate

    Really?

    "We automatically delete all of the stolen data once a full payment has been made.”

    Sure they do.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020