Individualized extortion to customers and employees of Vastaamo

Posted date 09/11/2020

Employees and thousands of patients at the Finnish psychotherapy centre, Vastaamo, have been extorted due to the theft and publication of their personal information following a security incident in its IT infrastructure.

The data theft took place in November 2018 and mid-March 2019, after an access to the databases due to a security breach. However, individualised extortion by cybercriminals has started on 24 October 2020.

The compromised data, which amounts to some 10Gb, covers contact information, patient records, social security numbers, among others, and 200 € in bitcoins per person are being asked for as ransom.

In response to this incident, Vastaamo, aided by cyber security experts, has taken steps to investigate and resolve what happened. It has also informed the relevant authorities.