Hackers publish private photos from cosmetic surgery clinic
Hackers have published more than 25,000 private photos, including nude pictures, and other personal data from patients of a Lithuanian cosmetic surgery clinic, police say.
The images were made public on Tuesday by a hacking group calling themselves “Tsar Team”, which broke into the servers of the Grozio Chirurgija clinic earlier this year and demanded ransoms from the clinic’s clients in more than 60 countries around the world, including the UK. Police say that following the ransom demand, a portion of the database was released in March, with the rest following on Tuesday. It’s unclear how many patients have been affected, but police say dozens have come forward to report being blackmailed. “It’s extortion. We’re talking about a serious crime,” the deputy chief of Lithuania’s criminal police bureau Andzejus Raginskis told reporters.
More than 1,500 British patients are listed in the database. Hackers demanded ransom payments of between €50 and €2,000, paid in bitcoin, depending on the sensitivity of the data stolen – with nude photos, passport scans and national insurance numbers all serving to bump up the ransom requested. Prior to parcelling out the ransoms patient by patient, the hackers attempted to offer the entire database up for sale for 300 bitcoin – currently worth more than half a million pounds – but the clinic refused to pay. The full database has since been reduced to 50 bitcoin, or about £100,000.
Lithuanian police say they are working with security services in other European countries, and have warned that people who download and store the stolen data could also be prosecuted.
“Clients, of course, are in shock. Once again, I would like to apologise,” Jonas Staikunas, the director of Grozio Chirurgija, told local media. “Cybercriminals are blackmailers. They are blackmailing our clients with inappropriate text messages.”
Lithuanian business site 15min reported that the hack turned attention to the nation’s cybersecurity issues more generally: more than half the country’s sites can be easily attacked, according to a national status report, with “clinics, travel agencies and private doctors’ offices” all highlighted as vulnerable.