Cyber extortionists swipe cosmetic surgery records, try to blackmail Harley Medical Group

Cyber crooks may have broken into Harley Medical Group, a cosmetic surgery firm with 21 clinics in the UK, to filch the intimate details of about 480,000 potential patients and then try to extort money from the company.

The company believes that one intruder struck last month, managing to get their hands on online forms sent in by people enquiring about procedures such as tummy tucks and liposuction.

From a statement sent by Chairman Peter Boddy to all clients of the company:

We recently became aware that an unknown individual had deliberately bypassed our website security, gaining access to information from initial website enquiries in an attempt to extort money from the company.

The intruder also made off with potential clients’ names, email addresses, phone numbers, dates of birth and addresses.

The company insists that neither clinical nor financial information was accessed.

No other details about how the thieves committed the caper are available yet.

Harley's management didn't give in to the thieves' demands. Instead, they called the police and the Information Commissioner's Office.

Then, they beefed up their online security systems and apologised to customers, a spokesman said:

The police and the information commissioner were notified and we contacted everyone whose inquiry may have been accessed to apologise and to reassure them that all clinical and financial records remain totally secure. We have taken action to further strengthen the security around website inquiries.

It's certainly easy to see why a clinic that offers nose jobs, breast augmentation - "boob jobs", as the media enjoy calling them - or similar surgeries would be a juicy target for extortionists.

Some people who have these types of surgery may not want to admit to it publicly. Particularly when, *ahem*, the procedures get dubbed with somewhat derisive names.

We've seen a rash of cyber extortion cases, many of a sexual nature, such as the guy who tried to extort Miss Teen USA with the webcam photos he got from her hacked computer.

He's serving 18 months.

Another case involved two Polish programmers who were recently jailed for 5 years for DDoS and cyber-extortion of a UK-based online casino.

Nobody should have to fear for the future of their business because of thieves and extortionists, but unfortunately, that's a constant possibility for online businesses.

Anybody who transacts with customers online - most particularly over intimate or potentially embarrassing things - has got to believe it could happen to them, and accordingly batten down the hatches, security-wise.

It's good that Harley Medical Group's doing it now. Hopefully similar businesses will learn from its experience and do the same - before it's too late and it happens to them.

Image of Cosmetic surgery courtesy of Shutterstock.

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.