Security News > 2023 > April > Ex-CEO of breached pyschotherapy clinic gets prison sentence for bad data security
After stealing the data, he decided to blackmail the clinic for €450,000; when that didn't work he stooped yet lower and tried blackmailing the patients for €200 each, with a warning that the "Fee" would increase to €500 after 24 hours.
Patients who didn't pay up after a further 48 hours, the blackmailer said, would be doxxed, a jargon term meaning to have your personal data exposed publicly on purpose.
Even though the clinic was itself the vicitim of an odious cybercrime, the ex-CEO of the clinic, Ville Tapio, faced criminal charges, too.
As well as failing to take the sort of data security precautions that any medical patient would reasonably assume were in place, and that the law would expect.
Modern breach disclosure and data protection regulations, such as the GDPR in Europe, make it clear that data breaches can't simply be "Swept under the carpet" any more, and must be promptly disclosed for the greater good of all.
Well, news from Finland is that Tapio has now been convicted and given a prison sentence, reminding business leaders that merely promising to look after other people's personal data is not enough.