
Hackers attempt to blackmail cosmetic surgery firm, after stealing up to 500,000 patients' records

Graham CLULEY

April 15, 2014

The personal details of nearly half a million people considering cosmetic surgery may have been accessed by hackers who then attempted to blackmail a leading chain of clinics.

The online criminals struck last month, breaking into servers belonging to the Harley Medical Group, which has 21 clinics across the United Kingdom.

According to the company, the information stolen was extracted from its website enquiry form, meaning that the hackers could have accessed some 480,000 records containing potential clients’ names, addresses, dates of birth, email addresses and telephone numbers, as well as details of the particular type of cosmetic procedure they were interested in.

Harley Medical Group said in a statement to customers affected that it had no reason to believe that further clinical or financial information was accessed, and that it had informed the police and the UK’s Information Commissioner’s Office (ICO) about the data breach.

“We acted immediately when we became aware that an individual had deliberately bypassed our website security, gaining access to contact information from initial inquiries, in an attempt to extort money from the company.

“The police and the Information Commissioner were notified and we contacted everyone whose inquiry may have been accessed to apologise and to reassure them that all clinical and financial records remain totally secure.

“We have taken action to further strengthen the security around website inquiries.”

Details of precisely how the hackers managed to access what should have been private, safely secured information have not been made public, but one thing is clear: the motivation for this attack was financial.

If you’re considering having a tummy tuck, a breast enlargement or some other form of cosmetic surgery, chances are that you want to keep the treatment private.

There aren’t many people who are comfortable admitting that they have confidence issues with their physical appearance. And, for that reason, you would hope that cosmetic surgeries keep a close guard on the personal data of their clients and potential customers.

And chances are that the people who are considering having cosmetic surgery are well-heeled with plump wallets. Some may even work in the entertainment industry, and be nervous about the great unwashed public knowing that they have had their nose fixed or a boob job.

Such information could be used not just to embarrass an individual, but also – potentially – to extort money from them. Furthermore, the private information could be sold to tabloid newspapers or entertainment websites which are scrabbling for some showbiz tittle tattle to fill their pages.

It’s good that Harley Medical Group contacted the police, informed the ICO, and contacted those people whose data may have been compromised.

However, everyone will be disappointed to hear that the private information of thousands of people has been exposed by the company’s sloppy security.

Any organisation storing sensitive information has a duty to properly defend it with layered security, properly hardened websites and strong, tough-to-crack encryption.

If firms don’t take steps to properly protect their customers’ information, they shouldn’t be surprised if those customers take their custom elsewhere.
