Vastaamo’s Former Boss Gets 3-Month Suspended Sentence Over The 2020 Hack
Read also: The iSpoof scam website founder pleads guilty, Google is suing the distributors of CryptoBot malware, and more.
Thursday, April 27, 2023
Ex-CEO of Vastaamo gets 3-month suspended sentence over a breach
Ville Tapio, a former top manager of Helsinki-based private psychotherapy center Vastaamo, was given a three-month suspended sentence for his failure to secure patient health records, as required under the EU's General Data Protection Regulation (GDPR).
The breach came to light in late 2020, when the Finnish therapy clinic revealed that hackers obtained confidential treatment records of tens of thousands of patients. The stolen data was used to extort the company and later its clients. In December 2021, the Finnish data watchdog fined Vastaamo €608,000 for violating the GDPR. Tapio was let go by the Vastaamo board soon after the breach.
In February 2023, French law enforcement authorities arrested Julius “Zeekill” Kivimäki, believed to be the mastermind behind the Vastaamo hack.
Initially, the court said that the severity of the crime warranted an unconditional jail sentence, but commuted the sentence since the former Vastaamo boss had no prior criminal record.
Request your free demo now and talk to our experts.
iSpoof scam website founder pleads guilty
Tejay Fletcher, a man behind the online scam shop called iSpoof, pled guilty to multiple charges following the largest fraud investigation led by UK’s Metropolitan Police.
iSpoof was a website that allowed cyber crooks to make spoofed calls posing as trusted entities like banks, retail companies and government institutions, send recorded messages, and intercept one-time passwords.
The service was shut down in last November as a result of an international operation involving multiple law enforcement agencies. According to Europol, iSpoof caused a worldwide loss of over €100 million.
Fletcher pled guilty to four charges, including making or supplying articles for use in fraud, encouraging or assisting the commission of an offense, possessing criminal property and transferring criminal property. A sentencing date has been set for May 18, 2023.
In related news, Esteban Cabrera da Corte, a leader of a cybercriminal gang that scammed US banks and an unnamed cryptocurrency exchange into refunding millions of dollars the crew had spent on cryptocurrency purchases, pled guilty to wire fraud and agreed to pay around $3.6 million in restitution.
US sanctions three money launderers tied to North Korea’s Lazarus cybercrime group
US authorities slapped sanctions on three men linked to North Korean government-backed cybercriminal cluster Lazarus Group believed to be responsible for multiple high-profile cyber-attacks and crypto heists, including the $620 Axie Infinity theft and the $100M Harmony hack.
The three men - two OTC traders Wu Huihui and Cheng Hung Man, and a representative of North Korea’s Korea Kwangson Banking Corp Sim Hyon-Sop - are said to have been involved in laundering cryptocurrency stolen by Lazarus to fund Kim’s regime.
In addition, the US Department of State is offering a reward of up to $5 million for information leading to the arrest or conviction of Sim Hyon-Sop in connection with money laundering and shipment of tobacco and other goods, which helped North Korea raise money for its weapons programs.
Sensitive data of 630M Chinese users is being advertised on cybercrime forum
A threat actor is offering for sale a huge trove of data allegedly belonging to more than 630 million Chinese users on a Russian-speaking hacker forum.
The data leak allegedly includes personal and financial information such as full names, national ID numbers, home addresses, mobile phone numbers, gender, and bank card numbers.
According to the seller’s claim, 30% of entries contain bank details. An analysis of data samples provided in the forum post revealed that most users had UnionPay bank cards.
The threat actor claims the data was stolen in April 2023, but it’s currently unclear where it did come from.
Google takes legal action to hinder the spread of CryptoBot malware
Google is suing the distributors of CryptoBot, a data stealing malware, which in the past year alone infected more than 600,000 computers worldwide, as part of its ongoing campaign against cybercriminal operations.
The lawsuit targets several major CryptoBot’s distributors allegedly based in Pakistan.
Google obtained a temporary restraining order that allows the company to disrupt the malware’s infrastructure and impede the spread of CryptoBot.
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law. 
