DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Rex Mundi statement on their motives and methods

Posted on March 16, 2015 by Dissent

@RexMundi2015 issued a statement today, to set the record straight.

Dear friends and foes,

Over the past few months, we have read a series of inaccurate facts about us in the press. We therefore would like to take the time to correct some of the most common misconceptions regarding our activities.

– The companies we targeted have only one thing in common: mediocre IT security protocols or poorly-designed Web applications. After successfully hacking a website, we always give its owners a clear choice: pay up to protect the data they failed to secure from getting released over the Web or refuse to pay to clean up their own mistakes. To this, of course, some might object that those companies are not responsible for getting hacked — we are. But, think about this scenario for a moment: your best friend lends you her car. You park it at night in a sketchy neighborhood and leave it unlocked with the keys on the front seat. Coming back in the morning, you realize the car has of course been stolen. Who is responsible? The thief of course should be blamed for it. But aren’t you also to blame? Your friend trusted you to keep her car safe, something which you failed to do. Similarly, while we are obviously to blame for these hacks, we feel that the companies we target are also partly responsible for their users’ data getting stolen. All in all, this creates a very interesting and fascinating moral dilemma.

– Unlike other groups out there, we have no interest whatsoever in making any kind of political or social statement. We are only interested in making money, which brings us to the code of conduct we have put in place. This code of conduct was devised not out of some misplaced sense of honor, but simply to maximize our chances of getting paid. It is quite simple:
* Communication and/or negotiations between us and our targets is never released, regardless of whether we get paid or not.
* We never discuss or even acknowledge the fact that some of our past targets might have paid us.
* We automatically delete all of the stolen data once a full payment has been made.
* We never target the same company twice and, for obvious reasons, we always stick with the original requested amount.

Once again, this code of conduct is simply there to ensure we do end up getting paid. If we posted the data of a company that has paid us, no other future target would ever agree to pay us. Similarly, asking for more money once we have already been paid would be pointless as no target would pay a second time out of fear we might ask for even more money a third time.

– Finally, we would like to mention that whether a company agrees to pay us or not has no impact on our future endeavors. We will continue to target vulnerable websites, regardless of how many companies refuse or accept to pay.

Twitter: @RexMundi2015
Rex Mundi

PS: Shouldn’t Labio have informed its patients of the breach?

Related posts:

  • Rex Mundi threatens to expose patients’ blood test results if lab doesn’t pay extortion demand (update 1)
Category: Hack

Post navigation

← Data leak scandal involving personal info of 872 children suppressed, lawyer claims
FL: Sacred Heart Health System billing information hacked →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.