X

Hackers grab customer data, demand cash from payday lender

AmeriCash Advance says it refuses to pay the $15,000 that hackers have demanded after stealing data.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
See full bio
Elinor Mills
2 min read
RexMundi brags about hacking into Web sites and trying to extort money from companies on its Twitter feed.
RexMundi brags about hacking into Web sites and trying to extort money from companies on its Twitter feed.

Hackers have released consumer data stolen from an online loan provider, after the company refused to pay an extortion fee.

"On June 12, AmeriCash Advance received a fax, telling us that part of our Web site had been hacked. The letter went on to demand initial payment of $15,000 from us," AmeriCash Advance, an online payday cash advance provider, said in a statement provided to CNET. "We immediately notified the appropriate authorities and promptly took steps to ensure that no other data could be accessed. We will not cave in to blackmail, and are cooperating fully with the authorities to protect our customers and bring these criminals to justice."

The breach was limited in scope, and the main concern is that the specific data exposed, which consists of names, e-mail addresses, last four digits of Social Security numbers, and the name of the customer's financial institution, could be used for phishing attacks, according to AmeriCash Advance.

Related stories

"The section of the system that the criminals hacked into was the automatic e-mail responder section, the part of the system that sends an auto-reply to an applicant that their application has been received," the statement said. "We have notified those who have been affected and warned them to be vigilant. We are continuing to work closely with the authorities to identify the criminals."

A group of hackers calling themselves "RexMundi" announced the data dump on Twitter. RexMundi also has said it released data stolen from Belgian firms AGO-Interim and Dexia Bank, after they failed to pay extortion fees, threatening to release more data and increasing the amount of money demanded. Among others, the group said it had hacked the e-mail account of Taylor Lautner, a star in The Twilight Saga film series.

"To answer a popular question: We 're="" in="" it="" for="" the="" money,="" which="" is="" also="" pretty="" awesome,"="" rexmundi="" twitter="" account="" said="" one="" of="" its="" tweets="" since="" was="" created="" on="" may="" 1.="" "how="" we="" miss="" good="" old="" ="" shortcode="link" asset-type="article" link-text="days of LulzSec" uuid="71269aa4-8c86-11e2-b06b-024c619f5c3d" slug="hacking-group-lulzsec-says-its-calling-it-quits" edition="us" data-key="link_bulk_key" api="{"id":"71269aa4-8c86-11e2-b06b-024c619f5c3d","slug":"hacking-group-lulzsec-says-its-calling-it-quits","contentType":null,"edition":"us","topic":{"slug":"security"},"metaData":{"typeTitle":null,"hubTopicPathString":"Security","reviewType":null},"section":"news"}"> ."