Rex Mundi Hackers Post Data Stolen from Numericable

Numericable is a cable TV company operating in France, Belgium and Luxembourg. Rex Mundi claimed to have stolen customer data and demanded €22,000 for its return. Numericable declined, and denied that the hackers had the data.
Rex Mundi (king of the world) is a hacker group that makes a habit of hacking for extortion. Last week,Numericable Belgium‘s IT manager received an email saying that the hackers accessed a database of 6000 new customers, demanding a €22,000 ransom for the data.
Numericable’s response was threefold. It refused to pay the ransom, denied that the hackers could obtain the customer data, and referred the matter to the police. “Hackers have managed to get the data requests for information through our website, but have failed to obtain the data from our customers for the reason that we all separated and the data were not available via the site” (Google translation), Martial Foucart, CIO at Numericable, told RTL.
Rex Mundi responded first on Twitter. “So, Numericable claims that we didn’t steal any data… Our dump tomorrow will be rather humiliating for them then.”
According to Softpedia, Rex Mundi followed up by posting the database to dpaste.de (it has since been ‘removed’). An accompanying note apparently laid the blame on Numericable. “In life, when someone makes a mistake, especially a mistake that could potentially have grave consequences for other people, you would expect that person to man up and own up to it. But not Numericable.”
In Rex Mundi’s logic, Numericable made the mistake (in not securing the data) and then refused to ‘man up’ – and pay the price.
Direct extortion is a growing motivation for cybercriminals. Ransomware, or the ‘police trojan,’ is used to extort money directly from users. The threat of a DDoS attack is used to extort money from both large and small companies. And the threat of data leaks, such as in this case, is simple blackmail. On Tuesday this week, Rex Mundi separately announced that it had breached a Belgian recruitment agency.

However, “More often than not these blackmail threats go unreported,” commented Ashley Stephenson, CEO of Corero. We only tend to hear about them, he added, “when a threat is received and a decision taken to ignore it.”
Meanwhile, Numericable is facing a separate concern: the European Commission has launched an investigation into whether it received unfair aid from France in receiving the French cable infrastructure. “The Commission has doubts that such aid could be found compatible with EU rules,” said an EC statement.