A 26-year-old Finnish hacker, Aleksanteri Kivimäki, has been sentenced to six years and three months in prison for orchestrating Finland's largest cybercrime, targeting a private psychotherapy center, Vastaamo.

This landmark case has sparked outrage across the Nordic nation, with approximately 24,000 individuals filing criminal complaints.

Finnish Cybercriminal Sentenced for Major Data Breach, Blackmail

According to ABC News, Kivimäki was found guilty of numerous charges, including aggravated data breach, blackmail attempts, and dissemination of private information. The court described the crimes as "ruthless" and highlighted their severe impact on the psychological well-being of the victims.

The cyberattack, which came to light in October 2020, involved Kivimäki hacking into Vastaamo's information system and accessing the confidential records of over 33,000 clients. Detailed notes from therapy sessions were among these records, making the breach particularly sensitive.

Prosecutors revealed that Kivimäki demanded a ransom of approximately 370,000 euros from Vastaamo, threatening to publish the compromised patient records if his demands were not met.

When the center refused to comply, Kivimäki began releasing therapy patient information on the dark web and extorting individual patients, with about 20 individuals paying the ransom.

READ MORE: US Wants Improved Safety Tech on New Cars and Trucks by 2029 to Prevent Pedestrian Fatalities

Finnish Hacker's Data Breach Led to National Trauma

Kivimäki, who had a history of cybercrimes, including previous convictions at the age of 15, denied all charges. Despite his denial, the court convicted him on all counts and imposed a sentence of six years and three months, slightly less than the seven years sought by prosecutors.

The severity of the cyberattack prompted the Finnish government to expedite legislative changes, allowing citizens to change their personal identity codes in cases of significant data breaches.

According to Bloomberg, officials viewed the breach as a national trauma on the same level with a terrorist attack. The leaked patient database contained completely personal information, including humiliating confessions. To make matters worse, some of this sensitive information was published online, resulting in an influx of complaints in 2020.

Tragically, some victims succumbed to the distress caused by the leaked information. Lawyer Jenni Raiskio stated that at least a few patients died by suicide as a result of the breach.

Posting the breached data on the internet led authorities to catch Kivimäki eventually.

Despite the gravity of his crimes, Kivimäki's sentence could be reduced under Finnish law. Bloomberg reports that he is expected to serve only half of his sentence, reduced by the 15 months spent in detention during the trial. However, Kivimäki's lawyer has indicated that he intends to appeal the verdict.
READ NEXT: OpenAI, Microsoft Face Lawsuit Over Unauthorized Use of News Content