DATA BREACH NOTIFICATION FROM GARANTI BANK INC.

12.12.2019

In accordance with the provision of article 12 paragraph 5 of the Law on the Protection of Personal Data[1], GARANTI BANK INC. has fulfilled the obligation to notify the Turkish Data Protection Board (the “Board”) about the data breach as a data controller. 

In the notification sent to the Board on 06.12.2019 they stated that;

  • An employee of the Bank sent 346 bank customers' branch numbers, account numbers, mobile phone numbers and the amount of investment transactions of these customers, to the e-mail address of a person whom she/he claims to be working with at an investment firm.
  • The breach had occurred on 31.10.2019, and was detected on 04.12.2019.
  • The violation was detected in the process where the internal processes for the control of e-mails sent to an external address.
  • Personal identifying information, communication, customer transaction and financial data of 346 customers affected by the violation.

In the public announcement published on the Board's website, it was stated that the investigation on the subject has been continuing.

You can find the relevant public announcement text (in Turkish) here.

Should you have any queries and/or remarks, please do not hesitate to contact us.

Kind regards,

Zumbul Attorney-at-Law

info@zumbul.av.tr


[1]In case processed personal data are acquired by others through unlawful means, the data controller shall notify the data subject and the Board of such situation as soon as possible. The Board, if necessary, may declare such situation on its website or by other means which it deems appropriate.”