Harley Medical Group, a UK-based plastic surgery clinic, has written to customers warning them hackers broke into company servers and accessed their data, in a breach that could affect as many as 480,000 people.
The attackers then tried to blackmail Harley into handing over money to recover the data, according to the letter sent to customers.
Harley, which has 21 clinics across the UK, took down the website so it could issue fixes that would prevent any issues. Police and the Information Commissioner’s Office (ICO) have been informed of the breach.
“We acted immediately when we became aware that an individual had deliberately bypassed our website security, gaining access to contact information from initial inquiries, in an attempt to extort money from the company,” Harley’s chairman Peter Boddy said in the letter.
“I am sorry that the contact information that you provided in your initial enquiry via our website has been accessed in this way.”
Graham Cluley, writing for the Hot for Security blog, was concerned about the potential for further extortion from patients.
“Such information could be used not just to embarrass an individual, but also – potentially – to extort money from them. Furthermore, the private information could be sold to tabloid newspapers or entertainment websites which are scrabbling for some showbiz tittle tattle to fill their pages,” Cluley said.
Love IT security? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…