Plastic Surgery Clinics hacked; over 25,000 photos and private data leaked

A chain of plastic surgery clinics in Lithuania suffered cyber attack earlier this year with over 25,000 pictures (including nudes and personal data) stolen, and police said the hackers released those details online last Tuesday.

Hackers have published naked photos of thousands of plastic surgery patients who had work done at Lithuanian clinic Grozio Chirurgija. Pictured: One of the alleged leaked photos

According to the police report, those responsible for this attack are popularly known as “The Tsar Group.”

The attack occurred earlier in March when servers belonging to Grozio Chirurgija clinics were hacked.

A large number of clients located in Denmark, Germany, Norway, and Britain, among other European Union (EU) countries received threats and were asked to part with some cash.

Part of the stolen data was released at that time to intimidate those who failed to pay their ransom, as well as provide proofs to those who thought the hackers were jokers.

A hacking group called Tsar Team is now demanding ransom from clients in Germany, Denmark, Norway, the UK and other EU countries Pictured: The Grozio clinic which was hacked

Police confirmed the last batch of every stolen data has been released, but stressed that the total number of affected clients are yet unknown.

Dozens have stepped forward to report being blackmailed for money.

“It’s extortion. We’re talking about a serious crime,” said Andzejus Raginskis, the deputy chief of Lithuania’s criminal police bureau.

Police warned all internet users to desist from downloading the leaked files as efforts are underway to clamp down on criminals.

Security agencies around Europe are also working in harmony with police, and have assured that netizens who download and store any of the private data will be prosecuted.

The hackers obtained uncensored 'before and after' photos of patients who underwent cosmetic procedures. Pictured: The hack as reported on Lithuanian TV

“Clients, of course, are in shock. Once again, I would like to apologize,” Jonas Staikunas, the director of Grozio Chirurgija, told reporters.

“Cybercriminals are blackmailers. They are blackmailing our clients with inappropriate text messages.”

Lithuanian media previously reported that the hackers requested for about £1,700 (£2,200) from their victims. A prompt payment would ensure their records, including passport scans and national insurance numbers, are taken offline.

Victims have been told to pay up to €2,000 to guarantee nude images, passport copies, social security numbers and other data would not be made public

Grozio Chirurgija clinic confirmed they received offers from the hackers who said they’d safety return all information in their custody for only €344,000 (around $384, 643).

The clinic refused to comply with the hackers’ demand.

The unauthorised collection of personal data in Lithuania is punishable by up to three years in prison (file photo of a patient at the clinic)

A secret plan to hack some strategic systems in Lithuania was reported by The Baltic Times about two weeks ago.

Lithuanian armed forces website was also hacked in 2015.