Hackers on Tuesday publicly posted more than 25,000 files and private images stolen from a Lithuanian plastic surgery clinic, including nude and "before-and-after" photos, after attempting to financially extort the medical facility and its clients, according to multiple reports.
The clinic, Grozio Chirurgija (which in English translates to "Cosmetic Surgery"), has released a statement acknowledging the disastrous breach, which was perpetrated by a hacking collective called "Tsar Team." It is unclear at this time if this group is affiliated with the allegedly Russian government-backed threat group Fancy Bear, which sometimes goes by the alias "Tsar Team," or if this is merely a coincidence.
In addition to patient images, some of which belong to celebrities, the hackers reportedly also published passport scans, insurance and address information and social security numbers. Prior to the 30 May dump, the hackers released several hundred images in March, some reports have noted.
In its statement, Grozio Chirurgija urges victims not to open or download information or visit links provided by the blackmailers or unknown parties. It also advises victims to report to the appropriate web administrators if they see their data published or referenced online, and to alert the police if they have been contacted by the criminals.
Various news outlets have reported that the perpetrators earlier this year tried to blackmail patients in the US, Denmark, Germany, the UK, Norway, and other European countries.
Citing Andzejus Raginskis, deputy chief of Lithuania's criminal police bureau, an ABC News report states that victims were asked to pay up to 2,000 euros, to ensure that their images and data would not be doxxed online. Additionally, the clinic itself refused a ransom demand of 344,000 euros to prevent the data dumping, the ABC report continues.
A different article by the International Business Times cited different figures, reporting that the clinic was blackmailed for 300 Bitcoins.
SC Media has reached out to the Lithuanian police, and the Lithuanian National Computer Emergency Response Team (CERT-LT) for more details. SC Media also reached out to the FBI to confirm if any Americans reported receiving a ransom demand.