It used to be enough to hack into a corporation’s servers, access personal data on hundreds of thousands—or even millions—of the company’s customers, and use that data to steal identities. But that’s just so much work. A new threat is on the rise, and hacker groups like Rex Mundi (King of the World) have made headlines for their efforts.
In Rex Mundi’s operations, seasoned hackers steal the personally identifiable information of a large number of customers, then blackmail the company with threats to release word of that hacking, sell the information, or use it themselves. The most recent victim of the group’s crime was Domino’s Pizza’s European division after the group accessed 600,000 customers’ accounts.
The group targeted the accounts of customers who had placed online pizza delivery orders in France and Belgium, then sent word to the company’s corporate office that they would release that secure information unless they were paid €30,000 (around $41,000). Luckily, Domino’s turned the threat over to the French authorities; blackmail seems to carry a far greater penalty than hacking, and the matter is being resolved.
Interestingly, Rex Mundi doesn’t seem to be very good at what they do. While even a Domino’s spokesperson acknowledged that the actual cybercrime they pulled off was very sophisticated, the hacker group has targeted other companies with their blackmail attempt in the past and experienced similar disappointing results. Their first mistake was in targeting a company that doesn’t gather highly sensitive data; the thieves only accessed the names, physical addresses, email addresses, and pizza-specific passwords on the customers.
But there are important lessons to be learned from this. The first painful lesson is that thieves are becoming more and more creative every day. Blackmailing companies with stolen information is a frightening concept, especially when your information is hanging in the balance. But if you look at the reactions of the companies who were affected, they took swift action with the authorities rather than just sit back and believe cybercrime is unavoidable. This particular case also happened to involve a company that not only didn’t gather useless amounts of personal data on their customers, but also didn’t store the financial, banking, or credit card information. That left the thieves with pretty much useless stolen information, much of it readily available from a public records or internet search.
By doing business with companies that don’t gather and store your sensitive information, you can add an extra layer of protection to your personal data. Make sure you’re not sharing things like your Social Security number with companies who don’t need it, and ask yourself whether you really need the convenience of storing your credit card number on a pizza delivery website or if you can uncheck the box to store it and just enter it each time you make a purchase. Of course, there is a threat to customers in this case who use the same password everywhere since the hackers now have that password, so be sure that you’re not putting your “go to” password everywhere online.
While the customers had no control over thieves hacking into the system or Domino’s handling of the situation, this is another example of taking preventive steps to safeguard your information and identity.
If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center's Anyone3 fundraising campaign. For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.