Finnish Hacker Aleksanteri Kivimäki Wanted After Supreme Court Upholds Prison Sentence
Finnish authorities have issued a wanted notice for convicted hacker Aleksanteri Kivimäki after the country’s Supreme Court declined to hear his appeal, finalizing his nearly seven-year prison sentence for one of Finland’s most severe cybercrime cases. The decision upholds a February 2025 ruling by the Court of Appeal, which found Kivimäki guilty of aggravated data breach, attempted extortion, and unlawful distribution of private information tied to the 2018 hack of psychotherapy provider Vastaamo.
The Eastern Uusimaa Police, acting on a request from Finland’s Criminal Sanctions Agency, are now authorized to arrest Kivimäki and transfer him to Vantaa Prison to serve the remainder of his sentence. His lawyer, Peter Jaari, stated that Kivimäki’s whereabouts are unknown but suggested he is outside Finland.
The Court of Appeal described the crimes as carefully planned, financially motivated, and causing exceptional harm to a large number of vulnerable victims, including children and individuals undergoing treatment for severe psychological trauma. While the offenses could have warranted the maximum sentence, the court reduced Kivimäki’s term by one month after he reached compensation agreements with some victims.
Kivimäki has consistently denied involvement, arguing that prosecutors relied on circumstantial evidence, challenged digital forensics linking him to the attack, and disputed cryptocurrency transactions tied to the extortion scheme. He was released from pretrial detention in September 2025 after courts ruled that his prolonged custody could violate his rights, with much of his sentence effectively served while awaiting trial.
The Vastaamo breach remained undisclosed until 2020, when the attacker first extorted the company before demanding ransoms from thousands of patients. After many refused to pay, confidential therapy records were leaked online. The attack exposed 33,000 patients, with over 24,000 reporting extortion demands, making it the largest criminal case in Finnish history by victim count. The fallout left lasting psychological and financial damage for those affected.
Source: https://therecord.media/finland-issues-wanted-notice-for-hacker-vastaamo-breach
Compass Psychology Finland cybersecurity rating report: https://www.rankiteo.com/company/compasspsychologyfinland
"id": "COM1784053418",
"linkid": "compasspsychologyfinland",
"type": "Breach",
"date": "2/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '33000',
'industry': 'Healthcare',
'location': 'Finland',
'name': 'Vastaamo',
'type': 'Psychotherapy provider'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '33000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (mental health records)',
'type_of_data_compromised': 'Therapy records, personally '
'identifiable information'},
'date_detected': '2020',
'date_publicly_disclosed': '2020',
'description': 'Finnish hacker Aleksanteri Kivimäki was convicted for '
'aggravated data breach, attempted extortion, and unlawful '
'distribution of private information tied to the 2018 hack of '
'psychotherapy provider Vastaamo. The attack exposed 33,000 '
'patients, with over 24,000 reporting extortion demands, '
'leading to psychological and financial damage.',
'impact': {'brand_reputation_impact': 'Severe',
'data_compromised': 'Confidential therapy records',
'identity_theft_risk': 'High'},
'investigation_status': 'Closed (conviction upheld)',
'motivation': 'Financial gain',
'ransomware': {'data_exfiltration': 'Yes',
'ransom_demanded': 'Yes (from both company and patients)'},
'references': [{'source': 'Eastern Uusimaa Police'},
{'source': 'Finnish Supreme Court'}],
'regulatory_compliance': {'legal_actions': 'Criminal prosecution'},
'response': {'law_enforcement_notified': 'Yes'},
'threat_actor': 'Aleksanteri Kivimäki',
'title': 'Vastaamo Psychotherapy Data Breach and Extortion Case',
'type': ['Data Breach', 'Extortion', 'Ransomware']}