The quicker a phone's answered in sales, the slower it's answered in customer services - Brownridge's Law
THE HARLEY MEDICAL GROUP, a cosmetic surgery practice, has written to almost half a million potential patients and told them that it might lost their personal data to hackers.
The firm has confessed to its suspected loss on Twitter and has told its followers that patient records are secure and that clinical and financial information has not been touched. What has been accessed illegally are the details of people who were seeking information about getting a new nose, a higher arse, or larger boobs.
Gone are names, addresses, email addresses, phone numbers and information about procedures desired. Some potential patients have reacted to the leak of their information by leaking their own information.
@Lozzypurser We apologise initial enquiries were accessed illegally and have taken steps to ensure this will not happen in the future.— Harley Medical Group (@harleymedical) April 15, 2014
The firm released the letter that it sent to its potential customers through Twitter. It said that it told the police and the UK Information Commissioners Office and that the heist was part of an effort to extort the company.
"We acted immediately when we became aware that an individual had deliberately bypassed our website security, gaining access to contact information from initial inquiries, in an attempt to extort money from the company," it said.
"We acted immediately to deal with this situation we informed the police and will continue to provide what whatever assistance they may require to track down the perpetrator of this illegal act... At the same time our website was taken down while a fix was put in place. Further upgrades will be implemented in the near future."
The ICO confirmed it was notified, and told The INQUIRER that it plans to do something. "We have recently been made aware of a possible data breach involving the Harley Medical Group," it said.
"We will be making enquiries into the circumstances of the alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken." µ
Sign up for INQbot – a weekly roundup of the best from the INQ