Payday Loans company AmeriCash Advance have become the latest company to suffer from the actions of a hacking group after they refused to give in to their demands and pay $15,000 for the safe return of the stolen data.
The group of hackers who go by the name Rex Mundi have claimed responsibility for the hack and the eventual publication of the stolen files. It has been reported that the hacking group managed to infiltrate the customer database through an unsecure page which resulted in them obtaining customer names, email addresses and the last four digits of Social Security numbers (SSN). The hacking group Rex Mundi demanded $15,000 for the safe return of the data and described the sum as an idiot tax as they claim that the system was completely unsecure.
Rex Mundi stated, “This company which specializes in payday cash advances (basically small loans for low-income workers, which are vastly overpriced) left a confidential page unsecured on their server. This page allows its affiliates to see how many loan applicants they recruited and how much money they made. Not only was this page unsecured, it was actually referenced in their robots.txt file (Bad, bad move, guys).
Rex Mundi later added, “We managed to download thousands of loan applicant records. This data contains the names of applicants, the amount they applied for, their email addresses and the last four digits of their SSN. In addition, some ‘problematic’ applications also include comments left by AmeriCash Advance’s employees about the applicant and the name of the applicant’s bank. As usual, we will publish those records on the internet if AmeriCash Advance does not pay us by next Tuesday.”
AmeriCash Advance have acknowledged that there system has been successfully hacked and released the following statement. “On June 12, AmeriCash Advance received a fax, telling us that part of our website had been hacked. The letter went on to demand initial payment of $15,000 from us. We immediately notified the appropriate authorities and promptly took steps to ensure that no other data could be accessed. We will not cave in to blackmail, and are cooperating fully with the authorities to protect our customers and bring these criminals to justice.”
AmeriCash Advance later added, “”We have notified those who have been affected and warned them to be vigilant. We are continuing to work closely with the authorities to identify the criminals,”
Rex Mundi have responded and stated that they didn’t need to hack into the system as it was left wide open. Such a claim surely needs to be investigated and if adequate security measures were not in place, surely the authorities should take some kind of action against AmeriCash Advance.