Aleksanteri Kivimäki's hacking of psychotherapy centre Vastaamo's patient database led to a case with the largest number of victims in Finnish legal history.
Helsinki District Court handed Vastaamo’s former CEO Ville Tapio a three-month suspended prison sentence in April last year on a data protection charge because he did not fulfil General Data Protection Regulation (GDPR) requirements. This verdict was appealed by both Tapio and the prosecutor, and the appeal hearing will begin in May 2025.
Apparently iirc the company had no security at all. Kivimäki didn’t ‘hack’; the username & password was some default setup. Not to take away from his assholery, but the responsibility for this horrific case doesn’t seem to apply in a justified manner.
Ville Tapio, the former CEO of Vastaamo, was fired and also prosecuted following the breach. Ransom_man bragged about Vastaamo’s sloppy security, noting the company had used the laughably weak username and password “root/root” to protect sensitive patient records.
Investigators later found Vastaamo had originally been hacked in 2018 and again in 2019. In April 2023, a Finnish court handed down a three-month sentence for Tapio, but that sentence was suspended because he had no previous criminal record.
Tapio should get a prison sentence as well instead of a few months of house arrest / electronic surveillance. Absolutely criminally complicit.
I totally agree. The CEO was a total moron not investing enough in security and in my opinion should face heavy charges as well. The hacker is a total piece of shit however taking advantage of it.
Last paragraph is interesting (emphasis mine)
Edit: here’s more of that from another article