"As soon as Meri-Tuuli Auer saw the subject line in her junk folder, she knew it was no ordinary spam email. It contained her full name and her social security number - the unique code Finnish people use to access public services and banking. The email was full of details about Auer no one else should know. The sender knew she had been having psychotherapy through a company called Vastaamo."
"They said they had hacked into Vastaamo's patient database and that they wanted Auer to pay €200 (£175) in bitcoin within 24 hours, or the price would go up to €500 within 48 hours. If she did not pay, they wrote, "your information will be published for all to see, including your name, address, phone number, social security number and detailed patient records containing transcripts of your conversations with Vastaamo's therapists"."
A Helsinki court ordered the release of Aleksanteri Tomminpoika Kivimäki pending appeal after an April 2024 conviction for stealing psychotherapy records belonging to 33,000 people, on the grounds that he may already have spent excessive time in custody. The stolen patient database enabled extortion and long-term harm for victims when attackers used intimate therapy details to demand bitcoin payments. One victim, Meri-Tuuli Auer, received an email containing her full name, social security number and knowledge of her psychotherapy with Vastaamo, with threats to publish names, addresses, phone numbers, social security numbers and detailed therapy transcripts if unpaid. Many victims continue to suffer anxiety, stigma and ongoing privacy and financial risks from the breach.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]