In September 2025, a Helsinki court ordered the release of Aleksanteri Tomminpoika Kivimäki (aka “Julius Kivimäki” aka “Zeekill”) pending the resolution of his appeal of an April 2024 conviction stemming from the theft of psychotherapy records of 33,000 individuals. Kivimäki was released because he might wind up having spent too much time in prison. But how much time have the victims spent suffering? Here’s a reminder of the enduring impact of the breach on one victim.
Jenny Kleeman reports:
As soon as Meri-Tuuli Auer saw the subject line in her junk folder, she knew it was no ordinary spam email. It contained her full name and her social security number – the unique code Finnish people use to access public services and banking.
The email was full of details about Auer no one else should know.
The sender knew she had been having psychotherapy through a company called Vastaamo. They said they had hacked into Vastaamo’s patient database and that they wanted Auer to pay €200 (£175) in bitcoin within 24 hours, or the price would go up to €500 within 48 hours.
If she did not pay, they wrote, “your information will be published for all to see, including your name, address, phone number, social security number and detailed patient records containing transcripts of your conversations with Vastaamo’s therapists”.