If you were to share something with a psychotherapist in confidence, it would be a shock to find out that the information was stored with precise personal identification details, such as your national ID number, and possibly even notes about your family relationships. Even worse, if that data were made accessible online, protected by little more than a default password, it would be a nightmare.

Unfortunately, this is what happened to the patients of the now-bankrupt Psychotherapy Centre Vastaamo. The company was hit with a blackmail demand of €450,000, and when it refused to pay, the extortionist targeted the patients directly. They were asked to pay €200 each, and the hacker threatened to release the transcripts of their conversations if they didn't. The suspect was eventually apprehended in France, and it was discovered that he had been convicted of over 50,000 cybercrimes in the past. If he is extradited and convicted, it is likely that the consequences will be much more severe than the suspended sentence and small fine he received in the past.

To protect yourself from a similar situation, it is important to be aware of your reporting obligations and to be prepared to disclose a breach promptly. This will help to prevent vulnerable people from finding out about the breach from extortion demands.
This Cyber News was published on nakedsecurity.sophos.com. Publication date: Mon, 06 Feb 2023 17:53:02 +0000