Yesterday we touched on how those behind the Liberty hack were trying to extort millions from the company, with Liberty Holdings CEO David Munro putting out fires left, right, and centre.

Much of what Munro had to say was designed to placate customers, who would have been stressed about their sensitive data falling into the wrong hands, but the past 24 hours haven’t been kind to his company.

For a start, Fin24 spoke with Arthur Goldstuck, MD of World Wide Worx, who brought up the possibility of an inside job:

[He] told Fin24 by phone that the people behind the breach had threatened to release emails and possibly attachments from Liberty to clients, on the ‘dark web’…

Goldstuck said that because people typically use the same password across multiple accounts, their transactional banking accounts could be at risk…

Goldstuck [below] urged the company to be “fully transparent” about all the details of the breach.

“There is speculation that there was inside involvement. It appears [they] had access to the entire server [so] it seems unlikely it was external,” said Goldstuck.

Liberty Holdings CEO David Munro said at Sunday’s press conference that the authorities had asked the company to investigate whether the breach could have been an inside job and the police will also be probing this possibility.

Munro said they were unable to provide further details about whether the hack had taken place inside or outside the country’s borders.

Quite a ballsy move if it was someone on the inside, and you would imagine that they would be well compensated if Liberty decided to pay the ransom.

As for the hackers’ demands, they’ve posted a message on Pastebin, “a website where you can store text online for a set period of time”, explaining how they’re not afraid to play a little dirty.

This screenshot via MyBroadband:

Here’s their statement in text form:

Hello world, Welcome to Stage 1 of Liberty Holding Breach

After few funny days around “Liberty Holdings” breach, now its time to show some interesting data:

https://files.fm/u/zq4rzkjp

Enjoy, this is only the sample given to Liberty management as proof for sensitive data.

We still holding 40TB that will be published as few parts, every day. Database file includes customers data, finance data, few full email backup of their directors and more interesting data.

“Liberty customers have not suffered financial losses due to cyber attack” — For only one reason, we did not do that for harming your customers, our goal was to improve your security. You made your choice to, time to pay!

It seems like Liberty is caught between a rock and a hard place, because playing ball with hackers sets a dangerous precedent.

Not only that, but the worst could still be to come. Moneyweb below with how the floodgates could really open:

Liberty could face massive fines through civil lawsuits or from a government-mandated information regulator after falling victim to a cyber attack by unknown hackers.

The financial services firm is fighting to prevent the release of clients’ personal information after its IT systems came under attack on Thursday by hackers who demanded payment.

Insurance companies process and store the sensitive data of millions of clients, including their ID numbers, medical reports and banking details.

Civil claims from aggrieved clients could potentially emerge on the basis of their right to privacy being infringed, while fines as high as R10 million for each data breach incident could be levied under the Protection of Personal Information (Popi) Act…

If the data breach occurred as a result of a contravention of Popi, then the principle of strict liability would apply – subject to a responsible party being found to have failed to comply with the act…

A fine would be warranted if Liberty’s IT systems were found by the regulator to be poor.

When it rains it pours.

Until such a time as Liberty and the hackers come to some kind of an agreement, experts recommend that those who have policies with the company change their passwords, especially if they have used the same password for other sites.

I would say that’s daft, but we all do it.

[sources:fin24&mybb&monyeweb]