Hackers have threatened to leak before-and-after plastic surgery photos from a hospital chain frequently visited by celebrities.
The hacker group, known as REvil, said they had obtained more than 900 gigabytes worth of patient pictures, the BBC reports.
On its darknet site, the REvil group said it had “intimate photos of customers” that were “not a completely pleasant sight.”
According to the BBC, some of the celebrities on the patient roster at The Hospital Group in the UK include stars from reality TV shows Big Brother and The Only Way is Essex.
The patient list also includes Kerry Katona from pop group Atomic Kitten and actress Tina Malone from the TV series Shameless.
Data security breach
The Hospital Group is a chain of 11 clinics specialising in breast enlargements, bariatric weight loss surgery, “nipple corrections” and nose jobs.
The company has alerted its patients to the cyber-attack, the BBC reports.
“We can confirm that our IT systems have been subject to a data security breach,” the Hospital Group said in a statement.
“None of our patients’ payment card details have been compromised but at this stage, we understand that some of our patients’ personal data may have been accessed.”
Many of the hacked images do not show the patient’s face – only the body part being worked on.
One customer, Simon Hails, told the BBC he was very worried about his details being in the hands of hackers.
Hails had chest reduction surgery at one of The Hospital Group’s clinics.
“I have had an email from The Hospital Group informing me of a ‘data security incident’ but no detail as to what has been hacked,” he said.
“I’m obviously concerned as the last thing I want is ‘before photos’ being splattered around in the public domain.
“I’ve tried to keep my surgery private and not even some of my friends and colleagues know about it, so the data breach is concerning for me.”
‘I’ve tried to keep my surgery private and not even some of my friends and colleagues know about it.’
REVil is a ransomware group that also goes by the name of Sodinokibi.
High-profile victims of its cyberattacks have included Travelex, Titan Entertainment and a number of high-profile law firms.