A couple of weeks back, the hacker group Rex Mundi blackmailed AmeriCash Advance, demanding that the payday lender give the group around $20,000. If AmeriCash Advance didn’t pay up, Rex Mundi would publish the thousands of loan-applicant records it had stolen from the payday lender. Now, a couple of weeks later, AmeriCash Advance hasn’t paid the extortion fee, and Rex Mundi has in fact published all those loan-applicant records. This is a newsworthy story in its own right, but what really makes it important is that it reveals how utterly unsecured so much of our private information (Social Security numbers, credit card numbers, banking data, etc.) is. And our private information and other data are not just vulnerable to skilled hackers – they are vulnerable in general because they are often so poorly protected.
Rex Mundi (which means “King of the World” in Latin – they’re not humble hackers) was able to steal the personal data of AmeriCash customers because the payday lender failed to secure this confidential information in any meaningful way; it was simply sitting on an unsecured server. The information on this unsecured page not only included the customers’ names and email addresses, but also their financial institutions and the last four digits of their Social Security numbers. Obviously, this is information that should only be available internally, closed off from prying eyes on a secure server. Not so.
Because of the attack, customers of AmeriCash must stay extra vigilant, especially against phishing attacks (i.e., attacks aimed at stealing personal information by tricking people into thinking they are supplying their data to legitimate sources). Equipped with a customer’s name and email address, along with his or her financial institutions, a malicious actor could, for example, create an email that looks as though it came from a bank requesting personal information. Since the email that is supposedly asking for personal information would purport to be from a customer’s actual bank, some people may be deceived into thinking that it is a legitimate email and then send in their information. (For the record, you should never send important personal data via email, and a legitimate institution would never request this of you.)
Rex Mundi claimed that their extortion fee was an “idiot tax.” It was designed to show how inadequate AmeriCash’s data security is. (The hacker group was also simply looking to make some money.) While we of course do not endorse extortion or the actions of Rex Mundi, the hacker group is at least correct in pointing out that AmeriCash needed to be far more careful with the customer data with which they were entrusted. AmeriCash was purportedly reckless and now their customers will have to pay because of the antics of a group of hackers.
What’s concerning about this case involving Rex Mundi and AmeriCash is that all of us have entrusted important personal information to a variety of institutions, and some of these institutions may not be adequately protecting it. And even if they are protecting our personal data in a responsible way, there is no guarantee that a hacker group like Rex Mundi won’t come along and figure out how to get past the security system. Unfortunately, you basically have to be wary of the mere fact that your personal data exists somewhere out there, regardless of who is protecting it.