NBI to continue criminal investigation into exceptionally large-scale hacking of psychotherapy customer files
The Finnish National Bureau of Investigation (NBI) actively continues the criminal investigation of the suspected computer break-in against Psychotherapy Centre Vastaamo. The police suspect that sensitive customer information held by Vastaamo has ended up in the hands of one or more criminals by means of a computer break-in committed in 2018.
In September 2020, Vastaamo received a blackmail threat to make its customer information available to the public. The company reported the incident to the police at the end of the month after receiving the ransom demand, and the criminal investigation has been underway since.
In late October 2020, Vastaamo's customer information was published on the Tor network, for example. The police have also informed that individual customers of Vastaamo have received ransom e-mails threatening to reveal their personal information if they did not pay the ransom. The NBI advises the customers not to pay anything to the blackmailer as this will not ensure secrecy of the compromised information. The police do not know whether the sender of the ransom e-mails and the blackmailer of Vastaamo are one and the same person.
The offences currently under investigation by the NBI comprise an aggravated computer break-in, aggravated extortion, and aggravated dissemination of information violating personal privacy, but they may change as the investigation goes on.
– This hacking operation is exceptional by Finnish standards because of the sensitive nature of the information disseminated online. We currently have several avenues of investigation, and we will make every effort to solve the case, says Head of Investigation, Detective Chief Inspector Marko Leponen of the NBI.
The police also cooperate with other national and international authorities, including Europol.
– We are grateful for the help we have received from different operators in Finnish society. 'White hat hackers', among others, have offered help in investigating the case. We especially appreciate the fact that people urge each other not to share the compromised information on social media. One should remember that this constitutes a crime, continues Marko Leponen.
Thousands of victims have already reported extortion and dissemination of information violating personal privacy to the police. The police advise the victims to report online or at the police station, but there is no need to hurry, as reporting is not a precondition for continuing the criminal investigation. Please find instructions on how to report an offence online at www.poliisi.fi/crimes/reporting_an_offence_online.
When reporting an offence for this particular criminal case, remember to
follow the instructions on the form; points applicable to the above offences include 'Other offences' and 'Internet' (place of offence)
- mention the word 'Vastaamo' in the report
- mention to whom any ransom message was addressed
- mention where any compromised personal information has leaked (if known)
- mention any ransom demand received and how the ransom should be paid, including the account number
- mention any ransom paid
- keep any ransom message received as it is for the criminal investigation.
– This is extremely unfortunate for the victims, and we would like to emphasise that they should by no means blame themselves for becoming victims of the incident, Detective Superintendent Tero Muurman of the NBI points out.
To submit any tip-offs and other information about the offence, go to www.poliisi.fi/nettivinkki.
The police informed of the criminal investigation of the aggravated computer break-in on 21 October. Please find the press releases in Finnish at www.poliisi.fi/keskusrikospoliisi/tiedotteet and in Swedish at www.poliisi.fi/centralkriminalpolisen/meddelande.
Please find instructions and other information (in Finnish) for the victims of this case at www.tietovuotoapu.fi (shared website of various authorities and organisations).