Industry News

Cosmetic surgery hacked. Nude photos and data exposed on the dark web, as hackers blackmail patients

A chain of cosmetic surgery clinics in Lithuania has been hacked, and fallen victim to cold-hearted extortionists who have no qualms about blackmailing both the business and its customers.

According to media reports, a hacking group called the Tsar Team broke into the servers of Grožio Chirurgija and stole the personal data and more than 25,000 private photos of clients.

At first the Tsar Team attempted to sell the stolen data back to the clinic, for the eye-watering sum of 300 bitcoins (about half a million dollars). But when the clinic refused to play ball, the hackers targeted patients – demanding payments of up to 2000 Euros for the victim’s photos, home addresses, scans of passports and national insurance numbers.

The Grožio Chirurgija cosmetic surgery clinics has thousands of customers in more than 60 countries around the world, including the UK, Germany, and Denmark, who travel to Lithuania for nips and tucks on the cheap.

Clients are thought to include celebrities, who might have particular interest in their details and private photos not leaking onto the internet.

Even the most selfie-obsessed individual would probably balk at the thought of private photographs of their wobbly or intimate body parts taken before and after surgery falling into the hands of the public.

The full database is now being offered for a 50 bitcoin, a measly $112,000 at current rates, which is quite a reduction from the hackers’ initial demands.

Andzejus Raginskis of Lithuania’s police bureau told reporters that the data had been uploaded to the dark web:

“It’s extortion. We’re talking about a serious crime.”

On its website, the hacked chain of clinics says that it is working closely with the police, and is urging customers to take precautions.

Those precautions include telling clients to be wary of opening emails or clicking on links which may have been sent by the blackmailers, and to pass any communications (including SMS text messages they may receive) to the authorities.

Grožio Chirurgija is also advising concerned customers that if they find a link to their private data online, to request its removal from the Google search engine as soon as possible.

All of which seems like sensible advice to me, but I was disappointed to see it only offered on the Lithuanian version of the surgery’s website and not on its (probably more widely understood) English language edition.

The cosmetic surgery says that it is strengthening its IT security in the wake of the attack. But for those innocent patients whose privacy has been put at risk, it really is a case of too little, too late.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

1 Comment

Click here to post a comment
  • Cosmetic surgery has its place in society, especially for people who have become disfigured and need surgical correction so as not to elicit the disgust response from the conditioned public. But for "enhancing your beauty so that you can be happy" is an absolute nonsense. I do not feel as sympathetic to these hacked people as perhaps the mainstream would.