London Bridge Plastic Surgery

London Bridge Plastic Surgery (LBPS) operates as a plastic surgery clinic in London, United Kingdom, providing cosmetic and reconstructive surgical services to patients. The clinic's core offerings include various aesthetic procedures designed to alter or restore physical appearance, serving a clientele that ranges from general patients seeking elective enhancements to individuals requiring surgical reconstruction due to injury or medical conditions. While the specific scale of operations is not disclosed, the clinic's association with high-profile individuals, as alleged by cyber attackers, suggests it may cater to a niche market including celebrities and possibly royalty, though this remains unconfirmed by the clinic itself. LBPS, like other medical facilities, handles sensitive personal health information, including medical records, identification details, and visual documentation such as pre- and post-operative photographs, which are standard in plastic surgery practice for treatment planning and patient consent.

The clinic gained notoriety in October 2017 when it suffered a major security incident attributed to the hacking group The Dark Overlord. The attackers infiltrated LBPS's digital systems and stole extensive volumes of data, described as terabytes, comprising patient databases, personal information, and graphic surgical images. According to reports, the hackers publicly asserted that the compromised data included information on high-profile clients, specifically mentioning royals and celebrities, and they demonstrated their access by sharing explicit images with journalists. LBPS confirmed the breach, reported it to law enforcement, and acknowledged the theft of sensitive patient data, though it was still assessing the complete scope at the time. The Dark Overlord, known for previous attacks on U.S. medical centers, educational institutions, and entertainment entities linked to Netflix, threatened to release the entire patient list along with associated photographs, engaging in extortion and intimidation tactics. At the time of reporting, the group retained possession of the stolen data and had not yet broadly published it, but the incident highlighted the vulnerability of medical practices to cyber extortion and the severe privacy risks associated with the theft of intimate visual records. The clinic's response involved working with authorities and security professionals to address the breach, though detailed outcomes or long-term impacts on operations were not provided in the available information.