Hacked plastic surgery photos published online Published duration 31 May 2017

image copyright Getty Images

More than 25,000 private photographs have been posted online following a data breach at a plastic surgery clinic in Lithuania in March.

Passport and credit card details were also stolen from the Grozio Chirurgija clinic, Lithuanian police said.

After the release of hundreds of photos from the clinic in March, the rest of the database was published on Tuesday.

Patients in Denmark, Germany, Norway and the UK have received demands for ransoms of up to 2,000 euros (£1,737).

Lithuanian police say it is unclear how many of the clinic's clients have been affected but dozens have reported receiving such demands.

Officers said a hacking group called Tsar Team was behind the theft and publication of the data.

'Penalty fee'

In April, a group claiming to have carried out the theft sent the clinic a demand for 344,000 euros, calling it a "small penalty fee" for having vulnerable computer systems.

The perpetrators decided to publish the data when the clinic refused to pay, according to the Organised Crime and Corruption Reporting Project (OCCRP)

When the database was published on Tuesday, Lithuanian news site 15min reported that the group was demanding 113,500 euros for the full database, as "a lot of people have paid us to delete their data".

"It's extortion. We're talking about a serious crime," Andzejus Raginskis, Lithuanian Criminal Police Bureau's deputy chief, told reporters.

He warned that anyone who downloaded and stored the stolen data could be prosecuted and face a prison sentence of up to three years.