On July 09, 2020, a public announcement about a data breach was published on the website of the Turkish Personal Data Protection Authority. According to the announcement, under the provision of Article 12, Paragraph 5 of the Law on the Protection of Personal Data, a Doctor sent a notification to the Turkish Data Protection Board (“the Board”). With this notification, the Doctor has informed the Board as a data controller on these subjects;

  • The system recording the patients’ information was exposed cyber-attack (ramsomware) on 05.07.2020
  • The breach was detected on 06.07.2020 by recognising the deletion of system,
  • Estimated 10.000 people that were affected by the breach, and the certain number is not be able to be known because the system has still not been used,
  • The personal data of the people who were affected by the breach are ID information, e-mail address, phone number, health information, medical history, examination findings, laboratory results and data containing sexual problems.

Although the investigation on the subject is still ongoing, with the decision of the Board dated 09.07.2020 and numbered 2020/540 it was decided that to announce the notification of the data breach on the website of the Board.

You can find the text of the public announcement (in Turkish) here.

Should you have any queries and/or remarks, please do not hesitate to contact us. 

Kind regards,

Zumbul Attorneys-at-Law