Police in Lithuania say more than 25,000 private photos and personal data — including nude pictures — were made public Tuesday following the hacking of a chain of plastic surgery clinics.

Police said a hacking group called Tsar Team broke into the servers of Grozio Chirurgija clinics earlier this year and demanded ransoms from the clinic’s clients in Germany, Denmark, Britain, Norway and other EU countries.

Police say after threats, several hundred images were released in March and rest of the database was made public on Tuesday. It’s unclear how many patients have been affected, but police say dozens have come forward to report being blackmailed.

“It’s extortion. We’re talking about a serious crime,” the deputy chief of Lithuania’s criminal police bureau Andzejus Raginskis told reporters.

Police are working with security services in other European countries and have warned that people who download and store the stolen data could also be prosecuted.

“Clients, of course, are in shock. Once again, I would like to apologize,” Jonas Staikunas, the director of Grozio Chirurgija, told local media. “Cybercriminals are blackmailers. They are blackmailing our clients with inappropriate text messages.”

Staikunas said victims were asked to pay up to 2,000 euros ($2,238) to guarantee that nude images, passport copies, social security numbers and other data would not be made public. The hackers had also demanded that the clinic pay 344,000 euros ($385,000) in ransom to prevent the data dumping, but it refused.