Approximately 13,500 applicant records from AmeriCash were released in a text file dump after the company suffered a data breach at the hands of hacking group Rex Mundi, according to InformationWeek. Dumped records included the names, emails and various loan information for the each of the applicants. Some records contained short biographical information and all of them contained the last four digits of Social Security numbers.
Rex Mundi - which first surfaced on Twitter on May 1 - demanded a $20,000 "ransom" from the payday loan-lenders to keep the records under wraps. When they didn't cooperate, the records were dumped and labeled the ransom as an "idiot tax."
Despite the high-tech prowess of the hackers, the first demand for the "tax" payment came in a fax asking for $15,000. AmeriCash told InformationWeek that after they refused to comply, the group hacked the part of their system that sends auto-reply notifications to applicants after the application is received.
Poor security through the internet portal is most common in the financial sector, according to non-profit group the Online Trust Alliance. Banks and the U.S. government have the worst security and privacy practices on their websites per the groups honor roll for security.
Fifty-two percent of social media websites reviewed made the honor roll, good for an industry best and a 40 percent improvement from 2011.
