Breach Notification , Governance & Risk Management , Incident & Breach Response

Hackers Release Info from Swiss Bank

BCGE Refuses to Pay Ransom Demand
Hackers Release Info from Swiss Bank

Hackers released sensitive information from the Banque Cantonale de Geneve, also known as BCGE, after the Swiss bank declined to pay attackers' ransom demand.

See Also: Secureworks Named a Major Player in the 2024 IDC MDR Marketscape

Attackers say they first demanded €25,000 ($30,000) from the bank, based in Geneva, to not leak stolen data. But they say the bank declined, so they revised their demand to €10,000 ($12,000) and set a deadline of 6 p.m. local time on Jan. 9 to receive the payment.

"While we did not access any bank account, we did download 30,192 private e-mails sent by both Swiss and foreign customers, in addition to various other interesting data," reads a statement posted to text-sharing website DPaste by the hacking group that calls itself "Rex Mundi" - Latin for "king of the world."

The attackers tried to extort not only the bank, but also its customers. "If you are a BCGE customer and, more importantly, if you are one of their many foreign customers and want to avoid a painful tax audit, you might want to contact the bank and ask them to reconsider their position," Rex Mundi said, publicizing its demand for the €10,000 ransom payment. Again, however, the Swiss bank declined to pay.

"We chose not to give in to blackmail and chose instead the path of transparency," bank spokeswoman Hélène De Vos Vuadens told Reuters.

A few hours after the payment deadline had passed, Rex Mundi claimed to have published a "full dump" of the stolen information to their Tor .onion website, as well as via a file-sharing website

BCGE, meanwhile, quickly issued a statement noting that it had been the target of an attack, that hackers appeared to have breached one of its websites and released some customer-related information, and that Swiss police were already investigating the intrusion.

The bank said that all of the leaked information related to customers' online inquiries. It said customers' financial information was safe and would have required multiple passwords to access. But the bank said it has already implemented additional safeguards" to lock down its systems, as well as to protect client information. It's also contacted affected customers. "There does, however, exist the possibility of inappropriate messages or calls being addressed to the clients concerned and the [bank] recommends that no response be made to such communications," it adds.

Via a Twitter account registered in its name, Rex Mundi reported that the bank's website was "very poorly secured," and claimed to have effected the breach via a SQL injection attack.

It's not clear exactly what types of information the attackers stole, or released. "The bank is currently analyzing the published with material with the help of specialists and judicial police," BCGE said. But sample data posted with the hackers' ransom demand included customers' e-mails, phone numbers, and mailing addresses.

Rex Mundi Campaigns Ongoing

Rex Mundi has taken credit for numerous attacks in recent years, including a breach of Domino's Pizza in France and Belgium that gave attackers access to 600,000 records, which they demanded a ransom payment to not publish. In recent months, the group has also of having hacked - and demanded ransoms from - travel company Thomas Cook Belgium, car-loan firm Finalease Car Credit, which is also based in Belgium, and France-based workplace health and safety consulting firm Mensura, reports

In the wake of those attacks, the Belgian Federal Computer Crime Unit reportedly recommended that businesses never give in to ransom demands.

BCGE is one of more than 100 Swiss banks participating in a U.S. Department of Justice amnesty deal, negotiated with the Swiss government, that will allow the banks to avoid U.S. prosecution if they report on "the use of foreign bank accounts to commit tax evasion" by U.S. taxpayers and pay a related fine. The government of Switzerland has encouraged its banks to participate in the program.

Despite Rex Mundi's threat to expose U.S. residents seeking to hide their assets in Swiss accounts, BCGE says it has already alerted its customers that they must comply with U.S. law. "As for fiscal risks, we asked all of our clients to regularize their [tax] situation," the bank spokeswoman told Reuters. "It is up to each of our clients to fulfill legal requirements in conformity with the legislation in force."

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.