A leading London-based plastic surgery clinic was reportedly hacked by The Dark Overlord (TDO) group and a trove of highly personal photos, including graphic images of in-progress breast and genetalia enhancement procedures, have been stolen.
The hacker group – which has previously targeted schools, medical centres and other organisations to extort victims – allegedly claims to now be in possession of photos of celebrities and some royal family members. It is not clear which royal families may be victim of the hack.
"We have TBs [terabytes] of this s**t. Databases, names, everything," a representative from The Dark Overlord told The Daily Beast. "There are some royal families in here."
The data was stolen from the London Bridge Plastic Surgery (LBPS) clinic, which confirmed the hack and the data theft in a statement.
The hackers reportedly shared some of the stolen photos of LBPS operations, which included in-progress and post-op images, as well as some revealing faces of patients.
The hackers have also reportedly threatened to leak the stolen photos to the public, including the "entire patient list with corresponding photos. The world has never seen a medical dump of a plastic surgeon to such degree," The Dark Overlord hackers told The Daily Beast last week. However, none of the stolen photos appear to have been made public yet.
However, it is still unclear whether the hackers have demanded any ransom from LBPS. IBTimes UK has asked the clinic for further information and is awaiting a response.
A spokesperson for the Metropolitan Police Service reportedly confirmed that it was alerted about the data breach and theft on 17 October. "Detectives from the Met's Organised Crime Command are investigating. There have been no arrests and enquires are ongoing," the Met Police spokesperson said.
Full statement on data breach from London Bridge Plastic Surgery (LBPS) clinic
"We can confirm that the Clinic has been the victim of a cyber attack. We took measures to block the attack immediately in order to protect patient information and we informed the Metropolitan Police who launched an investigation.
"Regrettably, following investigations by our IT experts and the police, we believe that our security was breached and that data has been stolen. We are still working to establish exactly what data has been compromised.
"The group behind the attack are highly sophisticated and well known to international law enforcement agencies having targeted large US medical providers and corporations over the past year. We are horrified that they have now targeted our patients.
"Security and patient confidentiality has always been of the utmost importance to us. We invest in market-leading technology to keep our data secure and our systems are updated daily. We are deeply saddened that our security has been breached.
"We are profoundly sorry for any distress this data breach may cause our patients and our team are available around the clock to speak to anyone who has any concerns by calling 0203 858 0664."
The Dark Overlord
The TDO hacker group has been known to sell stolen data on the dark web in the past.
Most recently, the group shut down an entire school district in the US for three days, stealing sensitive information, including names, addresses and medical records of current and past students.
Earlier this year, the hackers targeted Netflix, leaking unaired episodes of several shows. Last year, they targeted a Los Angeles-based investment bank.