Harley Medical Group, a UK-based plastic surgery clinic, has written to customers warning them hackers broke into company servers and accessed their data, in a breach that could affect as many as 480,000 people.
The attackers then tried to blackmail Harley into handing over money to recover the data, according to the letter sent to customers.
Harley, which has 21 clinics across the UK, took down the website so it could issue fixes that would prevent any issues. Police and the Information Commissioner’s Office (ICO) have been informed of the breach.
“We acted immediately when we became aware that an individual had deliberately bypassed our website security, gaining access to contact information from initial inquiries, in an attempt to extort money from the company,” Harley’s chairman Peter Boddy said in the letter.
“I am sorry that the contact information that you provided in your initial enquiry via our website has been accessed in this way.”
Graham Cluley, writing for the Hot for Security blog, was concerned about the potential for further extortion from patients.
“Such information could be used not just to embarrass an individual, but also – potentially – to extort money from them. Furthermore, the private information could be sold to tabloid newspapers or entertainment websites which are scrabbling for some showbiz tittle tattle to fill their pages,” Cluley said.
Love IT security? Try our quiz!
US Commerce Secretary Gina Raimondo says Huawei's flagship smartphone chip 'years behind' US technology, shows…
Cloud companies, business user groups say Broadcom price changes do not address their concerns, as…
Dating app Grindr sued over claims it shared sensitive user data, including HIV status, with…
Meta Platforms opens operating system behind Quest virtual reality headsets to third parties amidst competition…
European Commission may ban rewards feature in recently launched TikTok Lite that it calls 'toxic…
US House of Representatives passes new bill combining TikTok measures with foreign aid, may face…