The hacker group claiming responsibility for the attack on Liberty has posted a message to Pastebin, warning that it will release sensitive information if the company does not meet their extortion demands.
This follows a statement on Saturday evening, 16 June, from Liberty that hackers accessed the company’s email service.
Liberty stated that no clients had suffered losses as a result of the attack, however, and its computer systems were secure.
The Sunday Times reported the following day, 17 June, that the attackers obtained “sensitive data” about “top clients,” and demanded millions from Liberty to not expose the information to the public.
A statement from the “Liberty hackers” was then published on Pastebin on 18 June, linked to a repository where there were reportedly files to prove that the attackers were legitimate.
The Files.fm repository was still active at the time of writing, but contained no files.
Liberty was asked if it was involved in the Files.fm repository takedown, but it did not respond to questions by the time of publication.
According to the Pastebin statement, the attackers claim to have obtained 40TB of data, which they will start releasing in parts.
Liberty previously stated the attackers only accessed email services, but the Pastebin statement claims the alleged hackers have a database file which includes customer data and financial data.
The attackers said they also have full backups of Liberty’s directors’ emails and “more interesting data.”
Liberty did not respond to requests for comment on the accuracy of the statements in the Pastebin post.
The company has stated several times, however, that no clients suffered financial losses as a result of the attack, and the company’s policies and transactions remain in place.
After MyBroadband sent questions to Liberty on the Pastebin statement, the post was taken down.
At the time of writing, it was still visible in Google Web Cache, and a screenshot is embedded below.
The statement from the “attackers” is reproduced below.
Hello world, Welcome to Stage 1 of Liberty Holding Breach
After few funny days around “Liberty Holdings” breach, now its time to show some interesting data:
Enjoy, this is only the sample given to Liberty management as proof for sensitive data.
We still holding 40TB that will be published as few parts, every day. Database file includes customers data, finance data, few full email backup of their directors and more interesting data.
“Liberty customers have not suffered financial losses due to cyber attack” — For only one reason, we did not do that for harming your customers, our goal was to improve your security. You made your choice to, time to pay!