A group claiming to have hacked a Dexia Bank subsidiary's database is threatening to post sensitive customer information unless it receives an "idiot tax" of EUR150,000 by Friday.
In a pastebin statement addressed to the media, the unnamed group says it has "downloaded extensive confidential customer information" from servers belonging to Elantis, a mortgage and consumer credit unit of Belgium-based Dexia.
The data - a sample of which has been posted in the message - apparently includes loan applications featuring full names, job descriptions, ID card numbers, contact information and income details.
The group claims to have contacted Dexia over the weekend demanding EUR150,000 before Friday to keep the data private. So far the bank has not responded to the demand.
"It is worth pointing out that this data was left unprotected and unencrypted on Elantis' servers," says the statement, adding: "While this could be called 'blackmail,' we prefer to think of it as an 'idiot tax' for leaving confidential data unprotected on a Web server."
The Elantis Web site is currently unavailable after the bank disconnected its server in the wake of the attack.
Dexia has yet to respond to a request for comment but a spokeswoman told Reuters (Dutch language) that Elantis will not give in to blackmail, the police have been called in and any data stolen could not be used to commit fraud.