A data breach at a Lithuanian cosmetic surgery clinic has resulted in 25,000 private photos, including nude pictures, being posted online.
The criminal group, which calls itself โTsar Teamโ, hacked the servers of the Kaunas-based Grozio chirurgija clinic earlier this year and demanded 300 bitcoin โ about โฌ730,000 โ which it called โa โsmall penalty feeโ for having vulnerable computer systemsโ. The clinic refused to pay.
Patients, reportedly including a number of celebrities, were also blackmailed, with the criminals demanding bitcoin payments of between โฌ50 and โฌ2,000 depending on the sensitivity of the data, which included passport and credit card details, national insurance numbers, and nude โbeforeโ and โafterโ surgery pictures.
โClients, of course, are in shock. Once again, I would like to apologise,โ Jonas Staikunas, the director of Grozio chirurgija, told local media. โCybercriminals are blackmailers. They are blackmailing our clients with inappropriate text messages.โ
When the extortion demands were not met, the group released the entire database.
The clinic has warned its patients not to engage with the blackmailers, but to inform the police immediately. Lithuanian police say dozens of victims have already come forward.
