Rex Mundi Publishes Hacked Personal and Private Information of Loan Applicants after AmeriCash Refuses to Pay ‘Idiot Tax’

The Internet Patrol default featured image
Share the knowledge

A couple of weeks back, the hacker group Rex Mundi blackmailed AmeriCash Advance, demanding that the payday lender give the group around $20,000. If AmeriCash Advance didn’t pay up, Rex Mundi would publish the thousands of loan-applicant records it stole from the payday lender. Now, a couple of weeks later, AmeriCash Advance hasn’t paid the extortion fee, so Rex Mundi did in fact publish all those loan-applicant records. This is a newsworthy story in its own right, but what really makes it important is that it reveals how utterly unsecured so much of our private information (Social Security numbers, credit card numbers, banking data, etc.) is. And our private information and other data are not just vulnerable to skilled hackers – it’s vulnerable in general because it is often so poorly protected.

Rex Mundi (which means “King of the World” in Latin – they’re not humble hackers) was able to steal the personal data of AmeriCash customers because the payday lender failed to secure this confidential information in any meaningful way; it was simply sitting on an unsecured server. The information on this unsecured page not only included the customers’ names and email addresses, but also their financial institutions and the last four digits of their Social Security numbers. Obviously, this is information that should only be available internally, closed off from prying eyes on a secure server. Not so.

Because of the attack, customers of AmeriCash must stay extra vigilant, especially against phishing attacks (i.e., attacks aimed at stealing personal information by tricking people into thinking they are supplying their data to legitimate sources). Equipped with a customer’s name and email address, along with his or her financial institutions, a malicious actor could, for example, create an email that looks as though it came from a bank requesting personal information. Since the email that is supposedly asking for personal information would purport to be from a customer’s actual bank, some people may be deceived into thinking that it is a legitimate email and then send in their information. (For the record, you should never send important personal data via email, and a legitimate institution would never request this of you.)

Rex Mundi claimed that their extortion fee was an “idiot tax.” It was designed to show how inadequate AmeriCash’s data security is. (The hacker group was also simply looking to make some money.) While we of course do not endorse extortion or the actions of Rex Mundi, the hacker group is at least correct in pointing out that AmeriCash needed to be far more careful with the customer data with which they were entrusted. AmeriCash was purportedly reckless and now their customers will have to pay because of the antics of a group of hackers.

What’s concerning about this case involving Rex Mundi and AmeriCash is that all of us have entrusted important personal information with a variety of institutions, and some of these institutions may not be adequately protecting it. And even if they are protecting our personal data in a responsible way, there is no guarantee that a hacker group like Rex Mundi won’t come along and figure out how to get past the security system. Unfortunately, you basically have to be wary of the mere fact that your personal data exists somewhere out there, regardless of who is protecting it.

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.