cross-posted from: https://discuss.tchncs.de/post/10692187

so, the company was Vastaamo. was because it got bankrupt after the breach, and GDPR violations.

the “hacker”(or rather cracker) was extradited from France to Finland.
you can read about how terrible the company’s security was here: https://tietosuoja.fi/en/-/administrative-fine-imposed-on-psychotherapy-centre-vastaamo-for-data-protection-violations

or watch mental outlaw’s video on the matter, or the Wikipedia article on the breach.

now there are several things that shouldn’t have happened (e.g.: don’t do these things on your main OS, have root access disabled, etc.), but I’ll leave that to you experts.

  • TWeaK
    link
    fedilink
    English
    549 months ago

    Sad that the company was able to declare bankruptcy, rather than the directors being held criminally liable.

      • TWeaK
        link
        fedilink
        English
        109 months ago

        That’s a start, but on its own pretty meaningless. A suspended sentence means he does not go to prison, so long as he behaves himself for a year or however long.

        The article doesn’t go into it, but I hope he was also fined heavily. All we have is “the court determined it could not be resolve through fines, a prison sentence is warranted”.

      • venia_sil
        link
        fedilink
        29 months ago

        See? CEOs get criminal liabilities! Capitalism works!

        (/s alas)