The psychotherapy center Vastamo is currently being blackmailed.
The blackmailers have patient information that includes customer names, addresses, phone numbers, and social security numbers, among other things.
In addition, the leaked data includes patient data that includes sensitive personal conversations.
Ilta-Sanomat has seen information leaked online.
The information tells about the contents of the therapy sessions and reveals very sensitive and intimate things.
In addition, the blackmailer published his ransom correspondence with Vastamo.
The extortionist filed a ransom demand, in which 40 bitcoins, or about 450,000 euros, were demanded from the Vastamo.
The office contacted the authorities when the blackmail came to an end.
According to Ilta-Sanomat's observation, no money has been transferred to the Bitcoin address given by the blackmailer to his victims.
This morning, the blackmailer published the data of 100 therapy clients in the encrypted Tor network at 4.52 Finnish time.
The blackmailer made the matter public at the Overboard Forum.
The party, which presented itself as a blackmailer, contacted Ilta-Sanomat after the publication of the first article.
Based on the checks made by the IS, the contacting party appears to be the same as the author.
The author, who worked in good English, said he represented the group that was behind the breakthrough.
The author said his actions were immoral, but he wanted to roll the blame on Vastamo, who “did not adequately protect his clients and did not want to protect their information”.
The contact person says it will publish the information of one hundred psychotherapy clients every day until the demands are agreed.
According to the blackmailer, the group has data from 40,000 therapy clients.
The claim has not been confirmed by any other party.
According to the respondent's press release, the data recorded after November 2018 has not ended up with hackers.
This is in line with the information provided to Ilta-Sanomat by the alleged tightener.
IS does not publish information on the exact time of the burglary.
The blackmailer said the group had only recently realized what kind of substances it had in its hands.
Tuomas Kahri, Chairman of the Board of the Response Office, deeply regrets what happened.
He says the counterparty received a blackmail message at the end of September, but does not confirm the scale of the burglary or the amount of data leaked.
The blackmail was immediately reported to the authorities.
- Due to the ongoing police investigation, we have not received a message on the subject before, because for technical reasons the investigation did not want to make the matter public, Kahri tells IS in his e-mail.
Kahri says the Respondent is deeply sorry for the victims of the security breach.
The office's information systems have been reviewed, are highly protected and their use is monitored more effectively by their security professionals.
- The authorities and the Response Office will do their utmost to find out what has happened, to prevent the dissemination of information and to bring the perpetrators to justice.
In addition to the Central Criminal Police, the Cyber Security Center under Traficom and the Office of the Data Protection Commissioner are involved in the investigation.
We also use external independent security and data protection experts, Kahri says.
According to the allegations made by the blackmailer, the password protection of Vastamo's systems would have been very weak.
Kahri does not comment on the argument.
The office has not informed the matter before this day, not even the victim of the burglary.
- Due to the ongoing police investigation, we have not received a message on the subject in the past, as for technical reasons the investigation has not been made public.
We have posted this on our website today.
- The office takes care of the realization of the rights of the persons in the register in the manner required by law.
The office will take the necessary measures to inform the people who have been the subject of the security breach about the situation, Kahri continues.
Criminal Commissioner Marko Leponen from the Central Criminal Police says that the police have a case as described in the investigation.
He will not disclose the name of the target party for investigative reasons.
The case is being investigated as a gross intrusion.
Cybercrime is usually difficult to detect.
Leponen does not assess the chances of surviving the crime, but says the police will conduct a preliminary investigation by all means.
Police urge individuals to report a crime if their information is published online.
In this case, the dissemination of information that infringes on privacy comes into question.
Leponen does not comment on whether the party has committed a possible gdpr violation if its customer database has been stolen, but the victims have not been notified.
The matter belongs to the Data Protection Officer, on the basis of whose actions the police can initiate a preliminary investigation.