• @[email protected]
    link
    fedilink
    English
    10
    edit-2
    6 months ago

    Last paragraph is interesting (emphasis mine)

    Helsinki District Court handed Vastaamo’s former CEO Ville Tapio a three-month suspended prison sentence in April last year on a data protection charge because he did not fulfil General Data Protection Regulation (GDPR) requirements. This verdict was appealed by both Tapio and the prosecutor, and the appeal hearing will begin in May 2025.

    Apparently iirc the company had no security at all. Kivimäki didn’t ‘hack’; the username & password was some default setup. Not to take away from his assholery, but the responsibility for this horrific case doesn’t seem to apply in a justified manner.

    Edit here’s more of that from another article

    Ville Tapio, the former CEO of Vastaamo, was fired and also prosecuted following the breach. Ransom_man bragged about Vastaamo’s sloppy security, noting the company had used the laughably weak username and password “root/root” to protect sensitive patient records.

    Investigators later found Vastaamo had originally been hacked in 2018 and again in 2019. In April 2023, a Finnish court handed down a three-month sentence for Tapio, but that sentence was suspended because he had no previous criminal record.

    Tapio should get a prison sentence as well instead of a few months of house arrest / electronic surveillance. Absolutely criminally complicit

    • @[email protected]
      link
      fedilink
      English
      66 months ago

      I totally agree. The CEO was a total moron not investing enough in security and in my opinion should face heavy charges as well. The hacker is a total piece of shit however taking advantage of it.