process of notifying affected customers
I believe the correct terminology is "marks" not customers.
Hacker group Rex Mundi has published thousands of loan-applicant details it siphoned off from US payday loan outfit AmeriCash Advance. The move follows AmeriCash Advance's refusal to stump up $15,000 in what Rex Mundi describes as an idiot tax for maintaining insecure systems and what AmeriCash Advance characterises as an …
"skiddies", "crackers", and "hackers". Especially since the last wasn't something that you could simply claim for yourself. This skiddies and journo hacks alike got wrong from the start. "Hacking" in the original sense only marginally had to do with security anything, much less extortion, never mind hats. Arguably even the terminology colouring the hatted industry is entirely due to people not qualifying as "hackers" on merits.
The Reg reporter didn't say they hacked the system. He reported they claim to be a hacker group. He also reported they siphoned the info from an unsecured page that was referenced by the robots.txt file.
I don't see any problem with this. In fact I actually like it. It lets the reader decide whether or not the group is what they claim to be without the reporter coloring that decision one way or the other.
I don't think you can blackmail those people, it was not their data that was exposed, but their customers. And I don't think that they will give a (whatever) about that.
The people who fall for a loan shark company that charges you up to 1200% interest are usually not the ones that have top rate lawyers on standby to sue someone for breach of privacy, most of them might not even be aware that it happened. So people who have been hit (that's why they're on the database in the first place) will get hit again.
Sad, but true: Business as usual.
BTW: The US needs to bring back usury laws.
Buying credit at a fraction of a percent and selling it along at 31 percent plus really is usury.
Anything beyond 10 points over prime should be considered usury.
Since the bankers got their bonuses off of the government dole this is the least the government could do to repay the favor.
Well, there is this little problem that laws don't make reality go away.
"Credit and income information was hard to obtain just after the turn of the century, thus credit was granted to those known and trusted. John Mackey built what would become Household Finance Company, lending small amounts of money at monthly interest rates of 10 percent. The cost of collection was high, and there was no Federal Reserve spewing forth liquidity. Mackey had plenty of customers because banks didn't lend to consumers. Usury laws began to pop up, setting maximum rates at a fraction of what Mackey was charging, but as Hyman points out, the laws only served to send working class people to loan sharks charging between 60 and 480 percent per year."
Because you are already in the dumps and need some cash, like, right now.
"What Payday Lending Is"
Payday lending is a relatively new development in consumer finance. Payday lenders market their service as a credit instrument to bridge the borrower until the next paycheck. Popular examples are companies "Check into Cash" and "Check ‘n Go." A typical payday loan works like this: the borrower writes a post-dated check to the payday lending company. In return, the borrower receives cash, minus lending fees. For a $250 loan, the lending fee might be $50 and the loan term 30 days. That works out to a 240% APR —a hefty rate!
...The high APR in part reflects the relative size of transaction costs to the small loan amount (<$300). The lending company must run credit checks, process paperwork, etc., regardless of whether the loan is $100,000 or $100. In this way, a reasonable $50 transaction fee translates into an APR that appears unreasonable. Even if transaction fees were removed from the picture, one would still expect large APRs for payday loans because of the relative credit risk of payday borrowers.
...Now consider the situation from the borrower’s perspective. Most who turn to payday lending have poor or limited credit history. Although their situations may be dire, they naturally find few people stepping up to extend them a loan. Credit is a measure of the reliability of a borrower to live up to a loan contract. As economist Henry Hazlitt pointed out, credit is not "something a banker gives to a man. Credit, on the contrary is something a man already has." For a borrower with bad credit, payday lenders offer an invaluable service few banks will offer. Not only do they provide liquidity when it is most needed, payday lenders provide the borrower an opportunity to establish a positive credit history. In short, payday lenders provide a means for the unbanked to join the financial mainstream.
White-hat hackers do not blackmail. E.g., the Chaos Computer Club routinely hacks into "secured" systems. Often enough, they do that because they were asked to, but that is another story.
Thing is, they do *not* blackmail; they quietly notify the company owning the compromised server of the security problems. Depending on the individual hacker, they may even offer free advice on how to plug up the security holes.
Blackmail is never an option. Yes, the loan company should be persecuted for breach of privacy of its customers; they have no right to be so lax with their potential customers' data. The blackmailers, however, should be locked up and the key very carefully melted down and consequently lost at sea, for both blackmail and aggravated breach of privacy.
Whether or not Rex Mundi broke laws by obtaining the data they did is beside the point: their criminality was in attempting to blackmail for cash. If they had asked for evidence that their "idiot tax" was paid to an internationally-recognised charity - perhaps one that helps people in debt - it's possible they could have got away with it. Now they're looking at what will probably be years of being _very_ careful how they pick up their "dropped" soap in the prison showers. Extortion for certain. Federal wire fraud, maybe. More fool them. Perditus Mundi, more like.
On the other hand, whilst I don't know nearly as much about American data protection laws as I do about UK and European legislation, I should imagine that the US Consumer Financial Protection Bureau and/or the Office of the Comptroller of the Currency (both Federal authorities) will be taking a very close look indeed at AmeriCash Advance and its staff, and the probity of their management of customer data.
The move follows AmeriCash Advance's refusal to stump up $15,000 in what Rex Mundi describes as an idiot tax for maintaining insecure systems and what AmeriCash Advance characterises as an extortionate demand.
I deal with so many companies that are run by DUMB FUCKS, and they employ DUMB FUCKS.....
Oooooohhhhh rightey yes,...... "The company that just rang me using my phone number has no record of me on their accounts.... including the phone number that they just rang me on....., and they are asking me to give them my credit card details for a phone charge - for a phone account that I have not gotten, when the arrangement was for a direct debit, on a service that I did get...."
Yeah fuck yeah - I'll be paying that - via the fucks in the foreign call center.
Rexmundi - "Your systems are insecure, give us $15K and we will help you fix it..."
Americash Dumb Fucks.... "Oh ummmm what do you mean, oh umm we use Microsoft Windoze, so it's secure."
it's OK to take unsecured data?
If the banks left the door and vault open, you went in and took money, it's still burglary and an offence, open doors do not negate the act of criminality, as such people that walk from open prisons are still escapees.
Charging 2146% interest on short term loans is a norm, else why does your credit card not cost 4.2% same as your mortgage? The fact that you need to recoup costs in a shorter term means higher charges and also Wonga etc do not ask for collateral unlike your house belonging to the bank until paid for in full
Biting the hand that feeds IT © 1998–2021