Feeds

Hackers attempt to BLACKMAIL plastic surgeons

Nip, tuck and pwn

5 things you didn’t know about cloud backup

Cybercrooks attempted to extort a chain of cosmetic surgeons after hacking into its systems and stealing an estimated 480,000 files stuffed with info about prospective nip-'n'-tuck customers.

Computer systems at Harley Medical Group, which has 21 clinics across the UK, were pillaged to loot personal details from nearly half a million records referring to people considering plastic surgery. The attack last month was followed by an attempt by hackers to extort blackmail money from the clinic under the threat that sensitive personal information would be released otherwise.

Harley Medical Group did not cave into the demands. A spokesman for the clinic told El Reg that the "perpetrator" compromised its systems after exploiting flaws in its website inquiry form. All sorts of personal information including potential clients’ names, addresses, dates of birth, contact details as well as details information about the type of cosmetic procedure they were inquiring about was exposed as a result of the breach.

Both West Midlands police and data privacy watchdogs at the UK’s Information Commissioner’s Office have been informed about the breach. Harley Medical Group said that neither detailed clinical information nor financial information was exposed as a result of the breach. The spokesman said patient and financial records are held on a separate system, which was unaffected by the incident.

He added that 480,000 records were affected but since prospective clients regular make multiple inquiries about various treatments the actual number of people whose private details have been exposed will be less than this.

The clinic began notifying customers and potential clients about the incident two weeks ago, we're told, but news of the incident only broke on Tuesday.

The news and blog portions of the clinic's site returned a page 404 error on Wednesday lunchtime.

Its Facebook page is still available – if a little, ahem, tight-lipped about the breach. However a series of updates from the official Harley Medical Group Twitter feed do shed further light on the incident.

It added later:

Coverage of the security flap can be found in stories by the Daily Mail (here), The Independent (here) and the Daily Mirror (here).

"If you’re considering having a tummy tuck, a breast enlargement or some other form of cosmetic surgery, chances are that you want to keep the treatment private," writes veteran security expert Graham Cluley in a post on BitDefender's HotForSecurity blog. "There aren’t many people who are comfortable admitting that they have confidence issues with their physical appearance. And, for that reason, you would hope that cosmetic surgeries keep a close guard of the personal data of their clients and potential customers," he added.

"Such information could be used not just to embarrass an individual, but also – potentially – to extort money from them. Furthermore, the private information could be sold to tabloid newspapers or entertainment websites which are scrabbling for some showbiz tittle tattle to fill their pages," he added.

Cluley praised Harley Medical Group for coming clean while faulting it for evidently inadequate security that allowed criminal hackers to riffle through its systems in the first place. "Everyone will be disappointed to hear that the private information of thousands of people has been exposed by the company’s sloppy security. Any organisations storing sensitive information have a duty to properly defend it with layered security, properly hardened websites and strong tough-to-crack encryption." ®

The essential guide to IT transformation

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
HP: NORKS' cyber spying efforts actually a credible cyberthreat
'Sophisticated' spies, DIY tech and a TROLL ARMY – report
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?