Finnish authorities have charged a second person in the hacking and blackmail case involving the Vastaamo psychotherapy center. The person charged is 28-year-old Daniel Lee Newhard, a US citizen. He is accused of helping with an attempt to blackmail the center. However, prosecutors say he is not accused of trying to extort Vastaamo's clients.

Newhard denies the charges, and it is unclear if he is currently in jail. The development comes after Finnish hacker Aleksanteri Kivimäki, the main perpetrator behind the Vastaamo hack, was earlier found guilty of trying to blackmail more than 20,000 people. He was sentenced to six years in prison but was recently released while he appeals the decision.

Court records show that Newhard was connected to a server used in the Vastaamo hack. Investigators say the server logs had an IP address linked to Newhard’s internet connection in Estonia, as well as his home address. A business profile from Estonia also lists someone named Daniel Lee Newhard with the same birthdate as the person charged.

Newhard was also suspected of helping share stolen client information online, but prosecutors dropped that part of the case because it would be too expensive to pursue, given the likely punishment.

The Vastaamo data breach, which is said to be one of Europe’s biggest data privacy crimes to date, took place in 2018. However, it was discovered only in 2020. Kivimäki is accused of trying to blackmail both the company and its patients, including children and people with serious trauma, by threatening to publish their therapy notes unless they paid money. More than 24,000 people said they received blackmail messages.

Kivimäki was arrested in France in February 2023 and extradited to Finland, where he was charged with over 30,000 counts related to aggravated data breaches, the leak of private information, and blackmail.

French authorities dismantle major Dark Web platform ‘Dark French Anti-System’

French authorities have dismantled one of the last major French-speaking underground platforms, known as ‘Dark French Anti-System.’ The marketplace, which has been in operation since 2017, has been involved in illegal activities like drug and weapons trafficking.

Two men were arrested in connection with the platform, including its 28-year-old creator. Authorities seized €600,000 worth of bitcoins during the operation. Both suspects are expected to appear before a judge for formal indictment. The platform had amassed over 12,000 active members, according to the authorities.

The takedown is the latest development in a series of operations against illegal activities on the Dark Web conducted by law enforcement in the past few years. In October 2024, Finnish Customs, together with Europol, Swedish and Polish police dismantled the Tor marketplace Sipulitie that sold illegal substances.

In May of this year, international law enforcement partners seized the Dark Web infrastructure of the Nemesis, Tor2Door, Bohemia, and Kingdom Markets underground marketplaces as part of “Operation RapTOR.” The authorities made 270 arrests of Dark Web vendors, buyers, and administrators in Austria, Brazil, France, Germany, the Netherlands, South Korea, Spain, Switzerland, the UK, and the US.

In June, ‘Archetyp Market,’ the most enduring Dark Web drug marketplace, was shut down, with authorities arresting the platform’s administrator, one moderator, and six of the marketplace’s highest vendors. A month later, the US police took down four Dark Web sites hosting child sexual abuse material (CSAM) with over 120,000 members, millions of files, and at least 100,000 visits per day.

‘Pompompurin’ resentenced to 3 years in prison for running BreachForums and possessing CSAM

Conor Brian Fitzpatrick, known online as ‘Pompompurin,’ has been resentenced to three years in US prison for creating and operating BreachForums, a notorious online marketplace used by cybercriminals to traffic hacked and stolen data, and for possessing child sexual abuse material (CSAM).

Fitzpatrick previously pleaded guilty to access device conspiracy, access device solicitation, and CSAM possession. The resentencing comes after the US Court of Appeals for the Fourth Circuit vacated his original 17-day time-served sentence in January 2025, ordering a harsher reconsideration.

Launched in March 2022 following the takedown of RaidForums, BreachForums quickly became one of the largest English-language hacking forums, hosting over 330,000 members and offering more than 14 billion stolen records, including Social Security numbers, bank details, and login credentials.

As part of his plea agreement, Fitzpatrick will forfeit more than 100 domains, multiple electronic devices, and cryptocurrency linked to the scheme. He will serve his sentence in a federal facility, followed by supervised release.

Hundreds of domains seized in a crackdown on the RaccoonO365 phishing service

Microsoft has taken down a major phishing-as-a-service (PhaaS) operation known as RaccoonO365, used by cybercriminals worldwide to steal thousands of Microsoft credentials. The action followed a court order that allowed Microsoft to seize 338 domains linked to the malicious campaign.

RaccoonO365, a $365/month phishing kit, enabled attackers to spoof Microsoft branding and bypass multi-factor authentication. The kit targeted up to 9,000 email addresses daily and was used to steal at least 5,000 credentials across 94 countries.

Microsoft identified a Nigerian national as the tool’s developer and main operator. He allegedly marketed the service via Telegram and received over $100,000 in cryptocurrency.

Cloudflare, which helped shut down the operation, said the group misused its services to hide from detection and carried out phishing attacks by masquerading as Adobe, DocuSign, and Maersk. Cloudflare also pointed to a possible connection between the group behind RaccoonO365 and Russian-speaking cybercriminals, based on the use of Russian in a Telegram bot’s name. However, Microsoft did not confirm this link.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

A 17-year-old teen arrested for Spain’s Socialist Party data breach

Spain’s Guardia Civil has arrested a 17-year-old suspected of orchestrating a compromise of the Spanish Socialist Workers' Party (PSOE), resulting in the theft of around 10 gigabytes of data.

Authorities carried out searches at two residences, seizing computer equipment, including laptops, hard drives, and USB drives. The suspect allegedly exploited a vulnerability affecting the PSOE's website to gain unauthorized access to internal systems.

According to local media, the compromised data included information on party employees, members, politicians, and activists. The stolen information was later advertised for sale on the Dark Web forum DF Community by a person using the moniker “EMBL.”

For its part, the PSOE said that the breach targeted an outdated party application that had been inactive ‘for years’ and did not contain current or sensitive personal data.