Breach Database / Vastaamo

Yes — Vastaamo was breached.

What happened

In October 2020, the Finnish psychotherapy service Vastaamo was the subject of a ransomware attack targeting first the company itself, followed by their patients directly. The original security incident dates back to a period between late 2018 and early 2019 and exposed data including 30k unique email addresses, names, social security numbers and notes on individuals' psychotherapy sessions. This breach has been flagged as "sensitive" and is only searchable by owners of the email addresses and domains exposed in the incident.

What data was exposed

What to do right now

  1. Freeze your credit. A credit freeze at the major bureaus is free and blocks new accounts from being opened in your name.
  2. Expect convincing phishing emails. Attackers use breached details to write personalized emails. Be suspicious of any message referencing this service.
  3. Check your other accounts on Have I Been Pwned. Your email address may appear in other breaches you don't know about yet.
  4. Monitor the apps you use going forward. Clearly watches the breach record for the companies behind your apps and alerts you the moment one appears.

Breach data from Have I Been Pwned. Listing here means the service appears in the public breach record — not that your personal data was affected.