News

2017.06.02 13:36

Hackers publish private photos from beauty surgery clinic

Algirdas Acus2017.06.02 13:36

Hacker group Tsar Team stole personal records and photos of patients from data system of Lithuanian clinic ‘Beauty Surgery’ and put them up for sale already in April, but then posted only several hundred victims’ data on Tor network.

Hackers demanded around 344 thousand Euros in bitcoins in ransom to prevent the data posting, but the clinic refused to pay.

‘Since the information had been accessed illegally, by criminal activity, it has to be treated very responsibly, and the best way would be to give it to police’, back then said Jonas Staikūnas, Director of Kaunas based clinic.

Now that all the information is posted victims are required to pay from 50 to 2000 Euros to guarantee that their nude before/after surgery images, passport copies and other data would be returned into private realm.

Lithuanian pop singer Vaidas Baumila, who is among the victims, laughed in May that his photos of nose surgery were worth only 50 Euros, but agrees that for others the problem could be more serious.

‘Women that have undergone some intimate surgery probably feel much worse’, said Vaidas Baumila.

Over 25 thousand photos were stolen from the clinic, with people from Britain, Germany and Nordic countries among its patients.

‘Clinic will have to face numerous litigations and probably will experience heavy losses. It is a wakeup call for all Lithuanian business,’ said Tadas Langaitis who chairs Parliamentary subcommittee on Digital Economy and Innovations.

There was, however, quite a lot of criticism pointed at state institutions as well as State Data Protection Agency that is staffed with 27 people, in all, and does not have resources to ensure that all private companies meet personal data security obligations.

‘More attention is needed from operators themselves, but also from controlling institutions to look more carefully into service providers’, said Deputy Defence Minister Edvinas Kerza.

Lithuania will have to strengthen its institutions as next year EU will launch a new data protection regulation.

Lithuanian police warns that everyone who wants to access illegally obtained personal information risks being sentenced for a 3-year imprisonment.

Hacked beauty clinic stresses in its website that all the links to leaked information cannot be shared to social media and must be transferred to police.
 

Shotlist
Shots of information hacked, now accessible through the Internet

Sound bite (Lithuanian)

JONAS STAIKŪNAS, Director of “Beauty Surgery”, said in April:

Since the information had been accessed illegally, by criminal activity, it has to be treated very responsibly, and the best way would be to submit it to Kaunas police headquarters investigators.

Sound bite (Lithuanian)

VAIDAS BAUMILA, Lithuanian pop singer said in May:

(laughs and then jokes) If they would have asked for more it would have been more pleasant. (Cutaway) Women that have undergone some intimate surgery probably feel much worse.

Shots of surgery, but not hacked from the beauty clinic, it is from the Vilnius Santariškės hospital

Sound bite (Lithuanian)

TADAS LANGAITIS, Chairman of the Parliamentary subcommittee on Digital Economy and Innovations, said in May:

Clinic will have to face numerous litigations and probably will experience heavy losses. It is a wakeup call for all Lithuanian business.

More of surgery (not from beauty clinic)

Sound bite (Lithuanian)

EDVINAS KERZA, Deputy Minister of Defence, said in May:

More attention is needed from operators themselves, but also from controlling institutions to look more carefully into service providers, their numbers, those who made their systems legal, and which of them actually meet requirements. Audits and checks are needed.

Two shots of Vilnius from a drone

Sound bite (Lithuanian)

RAMINTA STRAVINSKAITĖ, Representative of International Technology Law Association to Lithuania, said in May:

There will be a novelty that will oblige to inform all persons related to an incident, about what happened and State Data Inspection will also have to be informed.

Mums svarbus tikslumas ir sklandi tekstų kalba. Jei pastebėjote klaidų, praneškite portalas@lrt.lt