Vastaamo data breach information

Vastaamo data breach
Date	November, 2018 (first intrusion); March, 2019 (second penetration); October 21, 2020 (became public);
Location	Finland
Type	cyberattack, data breach, ransomware
Target	Vastaamo
Suspects	Aleksanteri Julius Kivimäki

Vastaamo was a Finnish private psychotherapy service provider founded in 2008.^[1] On 21 October 2020, Vastaamo announced that its patient database had been hacked. Private information obtained by the perpetrators was used in an attempt to extort Vastaamo and, later, its clients.^[2] The extorters demanded 40 bitcoins, roughly worth 450,000 euros at the time, and threatened to publish the records if the ransom was not paid. To add pressure to their demands, the extorters published hundreds of patient records a day on a Tor message board.

After extortion of the company failed, the extorters sent emails to the clients whose data they had obtained, demanding that they pay ransoms in order to avoid publication of their sensitive personal data.^[3]^[4]^[5]^[6] These ransom demands were sent to roughly 30,000 victims.^[6] The company's security practices were found to be inadequate: the sensitive data was not encrypted and anonymized^[7]^[6] and the system root did not have a defined password.^[8]^[9]^[10] The patient records were first accessed by intruders in November 2018, while the security flaws continued to exist until March 2019.^[5]

In December 2021, the Finnish Data Protection Authority (DPA) fined Vastaamo 608,000 euros for violating the provisions of the General Data Protection Regulation (GDPR).^[9]^[10] This cyber-attack became the biggest criminal case in Finland history. It also turned into an international scandal and a cyber-attack unprecedented in its scope due to the tactic called double extortion applied by the cyber criminals.^[11]

On October 28, 2022, the National Bureau of Investigation named the suspect behind the breach as 25-year-old Aleksanteri Julius Kivimäki.^[12]^[13] Kivimäki was charged in absentia at Helsinki District Court for aggravated data breach, aggravated attempted extortion, aggravated distribution of information infringing private life, blackmail, breach of confidentiality and falsification of evidence.^[12]^[14] An arrest warrant was filed with Europol and Interpol against Kivimäki stating that he was in Dubai.^[14]^[13] In 2015, Kivimäki, then a member of Lizard Squad, was found guilty on over 50,000 counts of computer crime.^[13]^[15]

Kivimäki was arrested in France on 3 February 2023.^[16] He was extradited to Finland on 24 February.^[17]

^ "Psykoterapiakeskus Vastaamo Oy | Yrityksen tiedot". IS Taloussanomat (in Finnish). Retrieved 2020-10-28.
^ Teivainen, Aleksi (2021-01-06). "HS: Owner of Psychotherapy Centre Vastaamo asks for inquiry into acquisition". Helsinki Times. Retrieved 2022-03-31.
^ "Psychotherapy centre's database hacked, patient info held ransom". Yle Uutiset. 21 October 2020. Retrieved 2020-10-28.
^ Kleinman, Zoe (2020-10-26). "Therapy patients blackmailed for cash after clinic data breach". BBC News. Retrieved 2020-10-28.
^ ^a ^b Sipilä, Jarkko (2020-10-27). "Therapy patients in Finland blackmailed after data breach". CNN. Retrieved 2020-10-28.
^ ^a ^b ^c Ralston, William. "They Told Their Therapists Everything. Hackers Leaked It All". Wired. ISSN 1059-1028. Retrieved 2022-02-23.
^ "Tietoturva | Terapiapotilaisiin kohdistunut tietomurto on voinut vaarantaa tuhansien ihmisten tietosuojan, kyseessä on täysin "poikkeuksellinen tapahtuma"". Helsingin Sanomat (in Finnish). 2020-10-22. Retrieved 2020-10-24.
^ "Kiristäjä julkaisi suomalaisten arkaluontoisia terapiakeskusteluja – vaatii 450 000:ta euroa tai jatkoa seuraa". Ilta-Sanomat (in Finnish). 2020-10-21. Retrieved 2020-10-24.
^ ^a ^b "Psykoterapiakeskus Vastaamolle seuraamusmaksu tietosuojarikkomuksista" (in Finnish). 2021-12-16.
^ ^a ^b Cite error: The named reference :5 was invoked but never defined (see the help page).
^ Cite error: The named reference :9 was invoked but never defined (see the help page).
^ ^a ^b "Tällainen on Julius Kivimäki, jota epäillään Vastaamon tietomurrosta". Iltalehti (in Finnish). Retrieved 2022-11-21.
^ ^a ^b ^c "Court detains Finnish man in absentia as suspect in psychotherapy centre data hacks". Yle News. 2022-10-28. Retrieved 2022-11-21.
^ ^a ^b "Etsintäkuulutettu Julius Kivimäki kertoo elinoloistaan HS:lle: väittää omistavansa rahastoihin liittyvän yrityksen". Ilta-Sanomat (in Finnish). 2022-11-13. Retrieved 2022-11-21.
^ "Hacker Charged With Extorting Online Psychotherapy Service". Krebs on Security. 3 November 2022. Retrieved 2022-11-21.
^ "French police arrest Finnish psychotherapy centre hacking, extortion suspect". Yle.fi. Yle. 3 February 2023. Retrieved 3 February 2023.
^ "Vastaamon tietomurrosta epäilty Aleksanteri Kivimäki on tuotu Suomeen" (in Finnish). MTV. 2023-02-25. Retrieved 2023-02-28.

[:4-1] "Psykoterapiakeskus Vastaamo Oy | Yrityksen tiedot". IS Taloussanomat (in Finnish). Retrieved 2020-10-28.

[2] Teivainen, Aleksi (2021-01-06). "HS: Owner of Psychotherapy Centre Vastaamo asks for inquiry into acquisition". Helsinki Times. Retrieved 2022-03-31.

[3] "Psychotherapy centre's database hacked, patient info held ransom". Yle Uutiset. 21 October 2020. Retrieved 2020-10-28.

[4] Kleinman, Zoe (2020-10-26). "Therapy patients blackmailed for cash after clinic data breach". BBC News. Retrieved 2020-10-28.

[cnn-5] Sipilä, Jarkko (2020-10-27). "Therapy patients in Finland blackmailed after data breach". CNN. Retrieved 2020-10-28.

[:0-6] Ralston, William. "They Told Their Therapists Everything. Hackers Leaked It All". Wired. ISSN 1059-1028. Retrieved 2022-02-23.

[7] "Tietoturva | Terapiapotilaisiin kohdistunut tietomurto on voinut vaarantaa tuhansien ihmisten tietosuojan, kyseessä on täysin "poikkeuksellinen tapahtuma"". Helsingin Sanomat (in Finnish). 2020-10-22. Retrieved 2020-10-24.

[8] "Kiristäjä julkaisi suomalaisten arkaluontoisia terapiakeskusteluja – vaatii 450 000:ta euroa tai jatkoa seuraa". Ilta-Sanomat (in Finnish). 2020-10-21. Retrieved 2020-10-24.

[:15-9] "Psykoterapiakeskus Vastaamolle seuraamusmaksu tietosuojarikkomuksista" (in Finnish). 2021-12-16.

[:5-10] Cite error: The named reference :5 was invoked but never defined (see the help page).

[:9-11] Cite error: The named reference :9 was invoked but never defined (see the help page).

[:12-12] "Tällainen on Julius Kivimäki, jota epäillään Vastaamon tietomurrosta". Iltalehti (in Finnish). Retrieved 2022-11-21.

[:13-13] "Court detains Finnish man in absentia as suspect in psychotherapy centre data hacks". Yle News. 2022-10-28. Retrieved 2022-11-21.

[:14-14] "Etsintäkuulutettu Julius Kivimäki kertoo elinoloistaan HS:lle: väittää omistavansa rahastoihin liittyvän yrityksen". Ilta-Sanomat (in Finnish). 2022-11-13. Retrieved 2022-11-21.

[15] "Hacker Charged With Extorting Online Psychotherapy Service". Krebs on Security. 3 November 2022. Retrieved 2022-11-21.

[16] "French police arrest Finnish psychotherapy centre hacking, extortion suspect". Yle.fi. Yle. 3 February 2023. Retrieved 3 February 2023.

[extradition-17] "Vastaamon tietomurrosta epäilty Aleksanteri Kivimäki on tuotu Suomeen" (in Finnish). MTV. 2023-02-25. Retrieved 2023-02-28.

Vastaamo data breach information

and 10 Related for: Vastaamo data breach information

Vastaamo data breach

List of data breaches

Evide data breach

Emotet

Lizard Squad

List of security hacking incidents

Ylilauta

GDPR fines and notices

Extortion

2020 in Finland

Date	November, 2018 (first intrusion) March, 2019 (second penetration) October 21, 2020 (became public)
Location	Finland
Type	cyberattack, data breach, ransomware
Target	Vastaamo
Suspects	Aleksanteri Julius Kivimäki