Three employees from Vastaamo are suspected of data protection crimes
NATIONAL OFFICE Investigation (KRP) on Monday stated that it has completed a preliminary investigation into the information security practices of the psychotherapy center Vastaamo and revealed that three employees responsible for information security are suspected of data protection crimes.
The case will now be submitted to the prosecutor for processing the charges.
Marko LeponenThe detective chief inspector in charge of the KRP investigation on Monday told According to Helsingin Sanomat, the investigation focused on the state of the psychotherapy center’s information security and privacy practices before and after the hacking series, which led to the disclosure of thousands of customers’ sensitive information on the dark web.
The data breach was discovered in the fall of 2020. However, the first hacking is believed to have already taken place in 2018.
According to Leponen, the three suspects have largely denied the criminal charges and have given conflicting statements about the progression of events and the distribution of information security responsibilities.
According to him, the research was challenging because it involved the collection and study of large technical data. The preliminary investigation of the data breach itself is still ongoing.
– The matter has been actively investigated for two years, and the investigation is still ongoing. It looks like we should get it figured out at some point, Leponen commented. “The investigation has not hit a wall.”
He declined to speculate on the investigation’s timeline, saying investigators are moving “one day, one week and one month” at a time.
KRP has previously revealed that “one interesting line of research” points outside of Europe. Psychotherapy center Vastaamo was declared bankrupt in February 2021.
Aleksi Teivainen – HT