Large corporates don’t tend to have much of a sense of humor when it comes to cybersecurity. Most ascribe to the “lock ‘em up and throw away the key” mentality, which often sees them push for young hackers to be sent to jail, and upon release, faced with punitive parole conditions.
Last week, a severe DDoS attack nearly brought Bunq to its knees. According to Djurre Njip, a company representative, the company worked “around the clock” to mitigate the attack, and fortunately, the service mostly remained online.
Bunq then started its investigation into who was behind the attack. And then something weird happened. The perpetrator – an 18-year old school student known only as “J.” – went to the company’s offices and confessed. Per Djurre:
“As we got closer he decided to step forward himself. He, J., just visited our office to apologize for his actions. He is 18 and still in school. He apologized sincerely.”
And rather than call in the cops, Bunq has decided not to press charges, as doing so would potentially result in prison time, along with punitive fines. That, Djurre said, would effectively destroy his life.
“We think that is too much of a punishment for what is essentially a youthful sin. Instead we agreed he will do a week of community service for Amnesty International.”
According to Dutch publication RTLZ, the teenager was angry over a price hike. Earlier this year, Bunq raised its monthly subscriptions from €1 to €7.99 per month, in a move that was hugely unpopular with its users.
Most took to Twitter to complain, but according to RTLZ, J. decided to purchase a botnet, which seems a little extreme.
Personally, I’m impressed with Bunq. It exercised a measure of restraint you wouldn’t typically expect to see from a financial institution. And making J. volunteer with Amnesty International is a nice touch, too. Kudos.