Rex Mundi is back again. After hacking Synergie and dumping data from Temporis in January, the hackers, who have made a business of hacking for profit, have announced that they have now hacked a diagnostic laboratory in France, Labio. And once again, they announced the hack on Twitter:
Labio.fr hacked last week. 100’s of blood test results in our possession. #infosec #hack #piratage #Labio
— Rex Mundi (@RexMundi2015) March 13, 2015
@Cyber_War_News @TheHackersNews We hacked Labio.fr and downloaded 100’s of blood test results in PDF.We post them Tues if Labio doesn’t pay. — Rex Mundi (@RexMundi2015) March 13, 2015
A pop-up notice on the lab’s web site this afternoon indicated that the server was temporarily unavailable due to a “technical problem:”
SERVEUR DE RESULTATS INDISPONIBLE
Suite à un problème technique, le serveur internet de résultats est temporairement indisponible.
En cas d’urgence, merci de vous mettre en relation avec votre laboratoire qui a la possibilité de vous transférer vos résultats pas E-mail, fax ou courrier.
La direction de LABIO vous présente ses excuses pour ce désagrément.
In response to a tweeted question from DataBreaches.net, Rex Mundi indicated that they had demanded €20,000 from Labio not to release the data.
Because they have followed through on their threats in the past when organizations have not paid the extortion demands, we’ll have to see what happens on Tuesday.
Other entities hacked by Rex Mundi include Swiss bank Banque Cantonale de Geneve, French loan company Credipret, Swiss web hosting company Hoststar, Tobasco.be, Z-Staffing.org, Easypay Group payroll company in Belgium, Webassur, Thomas Cook Belgium, Finalease Car Credit, Mensura, Drake International, Accord.nl, ECAAssurances, Mutuelle La Frontaliere, and Domino’s Pizza, among their targets.
Update 1 (March 14): As they have done in other hacks, the hackers have posted the names of those whose data they have acquired. They did not post any lab results, but the names and dates of the reports were posted with a preface:
Dear friends and foes,
Last week, we hacked the website of Labio, a French clinical laboratory. From the test results server, we downloaded hundreds of blood test results in addition to all of the 40,000+ stored login credentials.
We offered Labio not to release their patients’ data in exchange for a very reasonable EUR 20,000. Unfortunately, so far, it seems as if they would rather save a little bit of money rather than protect their patients’ privacy. Something which is rather ironic considering they failed to secure this data in the first place.
If we do not get paid before next Tuesday at 4PM, we will release all of the data in our possession — including the blood test results.
If your name is listed below, your results are unfortunately now stored on our servers. Do not hesitate to call Labio and ask them why they so far declined to protect your privacy.