Police in Lithuania say personal data and more than 25,000 private photos—including nude pictures—were made public Tuesday following the hacking of a chain of plastic surgery clinics. Police said a hacking group called Tsar Team broke into the servers of Grozio Chirurgija clinics earlier this year and demanded ransoms from the clinic's clients in Germany, Denmark, Britain, Norway, and other EU countries, the AP reports. Police say after threats, several hundred images were released in March and rest of the database was made public on Tuesday. It's unclear how many patients have been affected, but police say dozens have come forward to report being blackmailed.
"It's extortion. We're talking about a serious crime," the deputy chief of Lithuania's criminal police bureau told reporters. Police are working with security services in other European countries and have warned that people who download and store the stolen data could also be prosecuted. Cybercriminals are "blackmailing our clients with inappropriate text messages," said Jonas Staikunas, the director of Grozio Chirurgija. He said victims were asked to pay up to 2,000 euros ($2,238) to guarantee that nude images, passport copies, social security numbers, and other data would not be made public.