The hacker, who calls himself Hacker Buba, breached the network of a bank in Sharjah last month, identified as Invest Bank by The Daily Dot, and began releasing customer account and transaction records via Twitter.
We should all applaud the bank for holding its ground on this one. From an incident response and PR perspective, it would have been very tempting to meet the hacker's demands to prevent the public release of customer information.
Here are the reasons that would have been a really bad idea:
- Just like ransomware, it would have started a flood of similar attacks on numerous enterprises. Why would a cyber criminal want to sell individual records when they can just get a fat paycheck upfront from the bigger target?
- They need to focus resources on incident response. The organization would morally, reputationally, and/or legally need to treat this as a full-blown incident anyway. Why not use that money to handle all that goes along with that?
- No amount of money will ever get the information back. And it would be foolish to think that paying $3 million would keep those records off the market forever.